While the first Azure Data Studio extension I developed (First Responder Kit extension) made HTTP GET requests, it did not pass information to external services. The next extension, an extension for Paste the Plan, does send plan information to the external service via HTTP POST requests. I understand that public exposure of information isn’t for everyone – but simply installing the extension doesn’t send data to Paste the Plan.
The Paste the Plan extension for Azure Data Studio brings to the forefront an important topic – data privacy. It is important to understand the implications of any extensions you might install. While the Paste the Plan extension securely hands your execution plan off to Paste the Plan via https, Paste the Plan is a public website and your execution plan is publicly available from there. One benefit to open source software is that it puts power in the community’s hands to review the code and raise concerns about the way it treats your data. Another benefit to the open source extensions is that they can be used as guidebooks and frameworks when working on your own extensions. If an extension is open source, as many are, you can access the source code from the link in the Extension Gallery.
One of the ways to contribute to open source software is through code reviews. Code reviews can reveal security vulnerabilities, more efficient architecture, and opportunities for new functionality. While I haven’t had the opportunity to add contributing information to all my projects, others are welcome to contribute in many ways to the Paste the Plan extension for Azure Data Studio and other open source projects.