Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

SQL Injection - Part 1 Expand / Collapse
Author
Message
Posted Wednesday, February 25, 2004 6:42 AM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Today @ 10:52 AM
Points: 295, Visits: 277

The active account should not even be a DBO in the database(s) it uses. I recommend creating at least two db roles, one for general users and one for administrative access. Each role should only have permission to execute the stored procedures relevant to the role.

This might be a little off-topic but is security ever off-topic?

 



Bryant E. Byrd, BSSE MCDBA MCAD
Business Intelligence Administrator
MSBI Administration Blog
Post #102219
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse