PerlMonks
Re: Preventing malicious T-SQL injection attacks
by Moron (Curate) on Mar 05, 2007 at 13:07 UTC ( [id://603205]=note )
The traditional solution, both for MS SQL Server and Sybase, is to grant the ordinary database user execute privilege - but nothing else! Then all insert/update/delete/select can only be performed by executing procs written by the privileged users. It means writing four access procedures per logical table, but these can be templated and generated from Perl.
-M Free your mind
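
One way to template the four access procedures from Perl, as an added example that is not part of the original post. The table `customer`, its columns, the user `app_user` and the `_ins`/`_upd`/`_del`/`_sel` naming are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical table description (constructed sample, not from the post).
my %table = (
    name => 'customer',
    key  => 'id',
    cols => [ [ id => 'INT' ], [ name => 'VARCHAR(100)' ], [ email => 'VARCHAR(255)' ] ],
);
my $app_user = 'app_user';    # hypothetical unprivileged database user

# Identifiers are spliced into DDL text, so accept only plain names.
sub ident {
    my ($s) = @_;
    die "bad identifier: $s\n" unless $s =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
    return $s;
}

# Return the T-SQL for the four procs plus one EXECUTE grant per proc.
# No grant on the table itself is ever emitted.
sub gen_procs {
    my ($t, $user) = @_;
    my ($tab, $key) = (ident($t->{name}), ident($t->{key}));
    my @cols = map { ident($_->[0]) } @{ $t->{cols} };
    my %type = map { $_->[0] => $_->[1] } @{ $t->{cols} };
    for (values %type) { die "bad type: $_\n" unless /\A[A-Z]+(?:\(\d+\))?\z/ }
    my @nonkey     = grep { $_ ne $key } @cols;
    my $all_params = join ', ', map { "\@$_ $type{$_}" } @cols;
    my $key_param  = "\@$key $type{$key}";
    my %body = (
        ins => [ $all_params, "INSERT INTO $tab (" . join(', ', @cols)
                 . ") VALUES (" . join(', ', map { "\@$_" } @cols) . ")" ],
        upd => [ $all_params, "UPDATE $tab SET "
                 . join(', ', map { "$_ = \@$_" } @nonkey) . " WHERE $key = \@$key" ],
        del => [ $key_param, "DELETE FROM $tab WHERE $key = \@$key" ],
        sel => [ $key_param, "SELECT " . join(', ', @cols)
                 . " FROM $tab WHERE $key = \@$key" ],
    );
    my $sql = '';
    for my $op (qw(ins upd del sel)) {
        my ($params, $stmt) = @{ $body{$op} };
        $sql .= "CREATE PROCEDURE ${tab}_$op $params AS\n    $stmt\nGO\n";
        $sql .= "GRANT EXECUTE ON ${tab}_$op TO $user\nGO\n";
    }
    return $sql;
}

print gen_procs(\%table, ident($app_user));
```

The generated procedures contain only static statements with typed parameters, so values passed by the application are never parsed as SQL. In SQL Server the execute-only grant relies on ownership chaining, which does not extend to dynamic SQL built inside a procedure.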