

Show HN: oculus - a logging, web-based SQL client for teams (open source) - prosa
http://oculusapp.com

======
gsiener
Very cool. Reminds me of Heroku's Data Clip [1] service released as part of
their Postgres as a service offering.

[1]
[https://postgres.heroku.com/blog/past/2012/1/31/simple_data_...](https://postgres.heroku.com/blog/past/2012/1/31/simple_data_sharing_with_data_clips/)

~~~
prosa
Yeah, that's a neat project. I was already thinking about building this before
they launched, and their positive reception spurred me on.

If you're already using Heroku Postgres there's a ton of overlap between the
services, but I'm hoping to provide a decent open source alternative for the
rest of us. :)

------
prosa
Author here. I do a lot of analysis each day and am constantly sharing it with
my team by taking screenshots of Sequel Pro. I built Oculus so I could keep a
centrally available repository of my research, that everyone could access and
collaborate on. It definitely has a ways to go, but I would love feedback!

Also, this is my first attempt at providing a live demo of software that can
execute arbitrary SQL. I'm probably crazy for doing this, but I thought it was
a lot more interesting than doing a video. If the demo suddenly disappears,
you'll know I wasn't able to harden it enough... :)

------
benatkin
Great idea, and very well executed! I ran a few queries and got this:
<http://demo.oculusapp.com/queries/204>

~~~
prosa
Thanks! (Sadly I think the demo cron job will delete that after an hour or so
:))

------
jfi
social sequel pro - very innovative!

------
toomuchtodo
If only there was something like this for SQL Server =(

~~~
prosa
If you can run Rack apps in your environment, it would be pretty
straightfoward to add a SQL Server driver to Oculus. Right now it supports
MySQL and Postgres.

~~~
toomuchtodo
Our environment is self-managed and flexible, so I should be able to throw
something together to run this.

If I get it to work, I'll pass along whatever info I learn in the process.

~~~
prosa
Cool! I'm happy to provide guidance, and I'll take a pull request if you can
get it working with some unit tests.

------
Toshio
I would be fascinated to find out how you protect against SQL injection.

~~~
prosa
It's designed to be used within a team environment, where you trust everyone.
(Although even then, I highly recommend using it with a readonly SQL account!)
I would be skeptical of any situation where you could run raw untrusted SQL
without any risks, at least without reimplementing MySQL's AST parser.

As for the demo, it's isolated, and locked down as well as MySQL will allow.
(For starters, just SELECT privileges.)

