Instead of having your plugins be able to execute SQL commands, why not use something like ActiveRecord + NHibernate (or some other ORM) with LINQ? NHibernate 2.1 was just released with LINQ support, so you could do something like:<p>int BugCount = Bug.Where(case => case.Id = caseId).Count();<p>(Where caseId is a parameter or something). It'd really simplify the API and keep you from doing safety checks on the SQL passed by the plugins. You might even be able to simply some of your "display" code to use Dynamic LINQ queries for the sorting and so forth.<p>I've been using the ASP.NET MVC + NHibernate + ActiveRecord + LINQ "stack" for several months now (though I've been an ASP.NET developer for about five years), and I have to say that my productivity has gone way up thanks to it.