lenne_dk (7/25/2011)
I think this article could also be listed as "how to compromise the databaseserver, when you have compromised the webserver" 😉
Agreed. Add to that the subtitle of "while bypassing a code review and without your DBA knowing".
Taking nothing away from the author, the usefulness of this article is that I have to find a way to keep this from happening. 🙂 I suspect it will have to do with what I've always believed in... only read permissions on non-Development boxes for everyone except designated DBA's.
--Jeff Moden
Change is inevitable... Change for the better is not.