| |
| |||||||
| Sponsored Links |
 |
| | LinkBack | Thread Tools | Display Modes |
|
#1
March 23rd, 2008, 10:22 PM
| |||
| |||
 Permissions on Tables, Stored Procedures, etc. I briefly read somewhere that it is better to grant only execute permissions on stored procedures for the account used for web site visitors. It said something about not allowing this account any other access to the tables. Can anyone elaborate on this for me? I'm not sure I understand what could be wrong with allowing this account to run a SELECT statement, for example, against a table. Thanks, theChris |
| Sponsored Links |
|
#2
March 24th, 2008, 10:47 AM
| ||||
| ||||
| You rarely want users to have full permissions to access the tables. Executing stored procedures to perform validations will protect the integrity of your database It will also create extra lines of defense by denying permission to underlying objects "like your tables", as rules can be set so that users can access data and objects in the way that you intend your application to be used. And importantly from a security point of view, you can limit the creation of Ad hoc queries and even more importantly disable data modifications. This prevents users from maliciously or inadvertently destroying data. Stored procedures are written once, and can then accessed by many applications. This can reduce network traffic by combining multiple operations into one procedure call, rather than calling multiple queries that can effect the performance of you db. Hope this helps,... AOG
__________________ If i helped you, make me famous by clicking the  |
|
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Dynamic Stored Procedure | jmurrayhead | Microsoft SQL Server | 16 | March 26th, 2008 11:19 AM |
| How to Properly Configure Web Permissions on an Access Database | jmurrayhead | ASP Development | 0 | March 23rd, 2008 10:44 AM |
Linear Mode
