Re: no stored procedures???
Not exactly.
What you need to do is create a couple of users and assign only the privilages needed to do the various task.
So for example a connection user who is only granted access to select from the logon details table, this will stop hackers being able to update the tables using SQL injection. Then once authenticated use another user to select/insert/update records, but again only allow those users direct privilages on the tables, so if they only need to view data from a table only assign the select privilage.
Also the other thing to do is in your asp.net programs is to use prepared statements, this reduces the possibiliy of SQL injection attacks.
Andrew Gilfrin
------------------
http://gilfster.blogspot.com
My MySQL related Blog
http://www.mysqldevelopment.com
MySQL Stored Procedure,Trigger, View.... (Just about most things these days) Information
Subject
Written By
Posted
Re: no stored procedures???
July 27, 2005 05:26AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.