March 14, 2005 at 4:31 pm
Hi,
My application accepts user to type in queries and execute them against the database, and show the results (something like Query Analyzer). However, I want to restrict the user to do "select", "insert" commands only and not something like "drop table", or "drop database" etc.,.
How do I do this checking before actually execting the query (or before passing it to SQL Server)?. Basically, I need to check whether there are any DDL commands involved in the query or not.. Something like a parser which would analyze the query and tell me whether it is safe or not to execute them.. I do not want to do any "string" comparison for words like "drop", "delete" in the query by myself but want SQL Server to do so..
Can anyone throw some light on this?.
Thanks,
Ganesh
March 14, 2005 at 8:55 pm
Have you consider to limit them right in database?
March 15, 2005 at 7:10 am
Yes, I can implement Security in the database, but at the same time, I would still like NOT to send such "drop" commands to the database and would like to interpret before hand.
Is there a way to do this?. Please help!
Thanks,
Ganesh
March 15, 2005 at 7:19 am
not without coding it yourself.
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply