in reply to Preventing malicious T-SQL injection attacks
The traditional solution, both for MS SQL Server and Sybase is to grant the ordinary database user execute privilege - but nothing else! Then all insert/update/delete/select can only be performed by executing procs written by the privileged users. It means writing four access procedures per logical table, but these can be templated and generated from Perl.
-M
Free your mind
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: Preventing malicious T-SQL injection attacks
by smithers (Friar) on Mar 05, 2007 at 18:41 UTC | |
by Moron (Curate) on Mar 05, 2007 at 18:57 UTC |
In Section
Seekers of Perl Wisdom