That's not a matter of battle hardened experience. Publicly exposing database management endpoints that allow arbitrary execution is a *massive* no-no that even a junior developer with zero experience should be able to sense is a bad idea.