Do I have to use Stored Procedures to get query level security or can I still do this with Dynamic S
Posted
by Peter Smith
on Stack Overflow
See other posts from Stack Overflow
or by Peter Smith
Published on 2010-05-06T20:24:10Z
Indexed on
2010/05/06
20:28 UTC
Read the original article
Hit count: 239
I'm developing an application where I'm concerned about locking down access to the database. I know I can develop stored procedures (and with proper parameter checking) limit a database user to an exact set of queries to execute. It's imperative that no other queries other then the ones I created in the stored procedures be allowed to execute under that user.
Ideally even if a hacker gained access to the database connection (which only accepts connections from certain computers) they would only be able to execute the predefined stored procedures.
Must I choose stored procedures for this or can I use Dynamic Sql with these fine grain permissions?
© Stack Overflow or respective owner