Saturday, April 07, 2012

Improve your Security with Stored Procedures

Try not to grant users direct access to tables. If you grant delete access, for example, you cannot prevent a user from deleting 1000 rows when he should only be deleting 1. It is better to write stored procedures to access your data and then grant execute access on these procedures to the users. The logic in the stored procedure then provides a further level of control over what the user does.
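The following sketch shows the pattern described above. It is an added example, not code from the original post; it assumes Oracle PL/SQL, and the table, procedure, user names and the 'DRAFT' business rule are all hypothetical.

```sql
-- Added example; assumes Oracle PL/SQL. All object and user names are hypothetical.
-- Run as the schema owner (app_owner in this sketch).

CREATE TABLE orders (
    order_id    NUMBER       PRIMARY KEY,
    customer_id NUMBER       NOT NULL,
    status      VARCHAR2(10) NOT NULL
);

-- Definer's rights is the Oracle default; it is stated explicitly here because
-- the pattern depends on it: the procedure runs with the owner's privileges,
-- so the caller needs no privilege on the table itself.
CREATE OR REPLACE PROCEDURE delete_order (
    p_order_id IN orders.order_id%TYPE
)
    AUTHID DEFINER
AS
BEGIN
    -- The primary-key predicate limits the delete to at most one row.
    -- The status check is a hypothetical business rule enforced in the procedure.
    DELETE FROM orders
     WHERE order_id = p_order_id
       AND status   = 'DRAFT';

    -- Fail loudly if nothing matched, so callers cannot mistake a no-op for success.
    IF SQL%ROWCOUNT <> 1 THEN
        RAISE_APPLICATION_ERROR(-20001, 'Order not found or not deletable');
    END IF;
END delete_order;
/

-- Weak setting: the user can then run DELETE FROM orders with any WHERE clause,
-- or none at all.
-- GRANT DELETE ON orders TO app_user;

-- Corrected setting: the user can only reach the table through the procedure.
GRANT EXECUTE ON delete_order TO app_user;

-- As app_user:
--   BEGIN app_owner.delete_order(42); END;   -- deletes one draft order or raises -20001
--   DELETE FROM app_owner.orders;            -- rejected: no privilege on the table
```

Other database engines handle procedure execution rights differently, so check that the procedure runs with its owner's privileges before relying on this pattern elsewhere.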
