Entity Framework Security
Posted
by NYSystemsAnalyst
on Stack Overflow
See other posts from Stack Overflow
or by NYSystemsAnalyst
Published on 2010-04-26T19:48:44Z
Indexed on
2010/04/26
20:03 UTC
Read the original article
Hit count: 142
entity-framework
|.net-3.5
In my organization, we are just beginning to use the Entity Framework for some applications. In the past, we have pushed developers to utilize stored procedures for all database access. In addition to helping with SQL injection, we tried to grant logins access to stored procedures only to keep security relatively tight.
Although inserting, updating, and deleting are easily done through stored procedures in the EF, it appears to be difficult to use stored procedures to query data with EF. However, using LINQ or Entity SQL and allowing EF to create the queries means giving a user read access to the entire database.
How have others handled this dilemma?
© Stack Overflow or respective owner