dynamic sql and select access

  • Hello

    Is it a security concern or threat when the dynamic SQL uses ONLY select queries and the web application does not return sensitive information?

    Thanks

     

  • Is the dynamic SQL being run from inside stored procedures on the SQL box or is it coded into the web pages?

    If it's the first then it's not going to be too bad (so long as you validate the data entry properly, although there are plenty of reasons to avoid dynamic SQL if at all possible); if it's the second then why bother with even looking at security, you might as well give up now because it's only a matter of time before your system is compromised.

    Sorry if this seems a little blunt, I blame it on a lack of sleep.

  • It is being run from a stored proc on the SQL box. Thanks for your reply.

  • But even when it is being run from a stored proc on the SQL box, you still have to worry about SQL injection and guard those parameters really well!

     


    * Noel
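
The point raised in the thread, shown as an added example that is not part of the original posts: a SELECT-only stored procedure that concatenates its parameters, next to a form that passes values as typed parameters and checks identifiers. It assumes SQL Server (T-SQL); the table `dbo.Products` and both procedure names are hypothetical.

```sql
-- Constructed example: dbo.Products and both procedure names are hypothetical.
CREATE TABLE dbo.Products (
    ProductID   int IDENTITY PRIMARY KEY,
    ProductName nvarchar(100) NOT NULL,
    Category    nvarchar(50)  NOT NULL,
    Price       money         NOT NULL
);
GO

-- Weak form: the caller's text is concatenated into the statement, so it is
-- parsed as SQL. Even a SELECT-only statement can then be rewritten to read
-- any object the executing principal is allowed to read.
CREATE PROCEDURE dbo.SearchProducts_Concatenated
    @Category   nvarchar(50),
    @SortColumn nvarchar(128)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT ProductID, ProductName, Price FROM dbo.Products '
      + N'WHERE Category = ''' + @Category + N''' ORDER BY ' + @SortColumn;
    EXEC (@sql);
END;
GO

-- Hardened form: values travel through sp_executesql as typed parameters;
-- identifiers are checked against the catalog and wrapped with QUOTENAME.
CREATE PROCEDURE dbo.SearchProducts_Parameterized
    @Category   nvarchar(50),
    @SortColumn sysname
AS
BEGIN
    SET NOCOUNT ON;

    -- Allow-list: the sort column must be a real column of dbo.Products.
    IF NOT EXISTS (SELECT 1 FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Products')
                     AND name = @SortColumn)
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN;
    END;

    DECLARE @sql nvarchar(max) =
        N'SELECT ProductID, ProductName, Price FROM dbo.Products '
      + N'WHERE Category = @Category ORDER BY ' + QUOTENAME(@SortColumn) + N';';

    EXEC sys.sp_executesql @sql, N'@Category nvarchar(50)', @Category = @Category;
END;
GO
```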
