I briefly read somewhere that it is better to grant only execute permissions on stored procedures for the account used for web site visitors. It said something about not allowing this account any other access to the tables. Can anyone elaborate on this for me? I'm not sure I understand what could be wrong with allowing this account to run a SELECT statement, for example, against a table.
Thanks,
theChris
You rarely want users to have full permissions to access the tables. Executing stored procedures to perform validations will protect the integrity of your database
It will also create extra lines of defense by denying permission to underlying objects "like your tables", as rules can be set so that users can access data and objects in the way that you intend your application to be used.
And importantly from a security point of view, you can limit the creation of Ad hoc queries and even more importantly disable data modifications. This prevents users from maliciously or inadvertently destroying data.
Stored procedures are written once, and can then accessed by many applications. This can reduce network traffic by combining multiple operations into one procedure call, rather than calling multiple queries that can effect the performance of you db.
Hope this helps,...
AOG
If i helped you, make me famous by clicking the
Okay, that makes sense. Thanks
Posting Permissions 
LinkBack URL
About LinkBacks
Bookmarks