
Re: no stored procedures???
Posted by: Andrew Gilfrin
Date: July 27, 2005 05:26AM

Not exactly.

What you need to do is create a couple of users and assign only the privileges needed to do the various tasks.

So for example a connection user who is only granted access to select from the logon details table; this will stop hackers being able to update the tables using SQL injection. Then once authenticated use another user to select/insert/update records, but again only allow those users direct privileges on the tables, so if they only need to view data from a table only assign the select privilege.

Also, the other thing to do in your asp.net programs is to use prepared statements; this reduces the possibility of SQL injection attacks.

Andrew Gilfrin
------------------
http://gilfster.blogspot.com
My MySQL related Blog

http://www.mysqldevelopment.com
MySQL Stored Procedure,Trigger, View.... (Just about most things these days) Information
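
The two-account setup and the prepared statement described in the post above, as an added example that is not part of the original post. The database, table and account names and the password placeholders are hypothetical.

```sql
-- Hypothetical schema: one logon table plus two application tables.
CREATE DATABASE IF NOT EXISTS appdb;
CREATE TABLE IF NOT EXISTS appdb.logon_details (
    username      VARCHAR(64)  PRIMARY KEY,
    password_hash VARCHAR(255) NOT NULL
);
CREATE TABLE IF NOT EXISTS appdb.orders (
    id       INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(64)  NOT NULL,
    item     VARCHAR(100) NOT NULL
);
CREATE TABLE IF NOT EXISTS appdb.price_list (
    item  VARCHAR(100)  PRIMARY KEY,
    price DECIMAL(10,2) NOT NULL
);

-- Account 1: the connection user, used only before authentication.
-- It can read the logon table and nothing else, so an injected
-- UPDATE/INSERT/DELETE through the login form is refused by the server.
CREATE USER 'app_login'@'localhost' IDENTIFIED BY '<placeholder-password-1>';
GRANT SELECT ON appdb.logon_details TO 'app_login'@'localhost';

-- Account 2: used once the user is authenticated.
-- Privileges are granted per table, and only the ones each table needs.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY '<placeholder-password-2>';
GRANT SELECT, INSERT, UPDATE ON appdb.orders     TO 'app_rw'@'localhost';
GRANT SELECT                 ON appdb.price_list TO 'app_rw'@'localhost';

-- Review what each account can actually do. Neither should show
-- ALL PRIVILEGES, a grant on *.*, or WITH GRANT OPTION.
SHOW GRANTS FOR 'app_login'@'localhost';
SHOW GRANTS FOR 'app_rw'@'localhost';

-- Prepared statement: the SQL text is fixed and the value is bound to
-- the ? placeholder, so quotes in the input are treated as data.
PREPARE find_user FROM
    'SELECT password_hash FROM appdb.logon_details WHERE username = ?';
SET @u = 'alice'' OR ''1''=''1';   -- constructed hostile input
EXECUTE find_user USING @u;        -- compared as one literal username
DEALLOCATE PREPARE find_user;
```

In an asp.net program the same binding is done through the data provider's parameterized commands rather than server-side PREPARE, with the application connecting as the first account for the login check and as the second afterwards.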
