Database permissions and ORMs

Posted by Jonn on Stack Overflow See other posts from Stack Overflow or by Jonn
Published on 2010-05-12T06:03:16Z Indexed on 2010/05/12 6:34 UTC
Read the original article Hit count: 219

Filed under:
|

I've been using .NET's Entity Framework a lot lately and have absolutely no wish to go back to using Stored Procedures. Been shocked though that the company I'm building this project for had a policy where applications were only given accounts that only had permissions to access stored procedures!

Apparently, they believe that there's a security risk involved in allowing applications to access the tables/views directly. I don't get this.

  1. My first question is, can someone enlighten me as to what kind of security risk applications having direct access to the database may pose? AND
  2. If that's the case, are there any other ORM solutions that can provide a workaround to this (I can't think of any logical possibility atm) that would allow me to circumvent the restrictions on the user account to be assigned to me? OR is my understanding that I'd need direct permissions for the tables and views wrong?

© Stack Overflow or respective owner

Related posts about orm

Related posts about database-permissions