Do I have to use Stored Procedures to get query level security or can I still do this with Dynamic S

Posted by Peter Smith on Stack Overflow See other posts from Stack Overflow or by Peter Smith
Published on 2010-05-06T20:24:10Z Indexed on 2010/05/06 20:28 UTC
Read the original article Hit count: 239

Filed under:
|
|
|
|

I'm developing an application where I'm concerned about locking down access to the database. I know I can develop stored procedures (and with proper parameter checking) limit a database user to an exact set of queries to execute. It's imperative that no other queries other then the ones I created in the stored procedures be allowed to execute under that user.

Ideally even if a hacker gained access to the database connection (which only accepts connections from certain computers) they would only be able to execute the predefined stored procedures.

Must I choose stored procedures for this or can I use Dynamic Sql with these fine grain permissions?

© Stack Overflow or respective owner

Related posts about stored

Related posts about procedures