Database permissions and ORMs
Posted
by Jonn
on Stack Overflow
See other posts from Stack Overflow
or by Jonn
Published on 2010-05-12T06:03:16Z
Indexed on
2010/05/12
6:34 UTC
Read the original article
Hit count: 222
orm
|database-permissions
I've been using .NET's Entity Framework a lot lately and have absolutely no wish to go back to using Stored Procedures. Been shocked though that the company I'm building this project for had a policy where applications were only given accounts that only had permissions to access stored procedures!
Apparently, they believe that there's a security risk involved in allowing applications to access the tables/views directly. I don't get this.
- My first question is, can someone enlighten me as to what kind of security risk applications having direct access to the database may pose? AND
- If that's the case, are there any other ORM solutions that can provide a workaround to this (I can't think of any logical possibility atm) that would allow me to circumvent the restrictions on the user account to be assigned to me? OR is my understanding that I'd need direct permissions for the tables and views wrong?
© Stack Overflow or respective owner