
Re: in general for security do you use stored procs only?

Newsgroups comp.databases.postgresql
Date 2013-08-11 20:45 -0700
References <aef2b761-9572-4f4f-937c-054caf4855d5@googlegroups.com> <a6f2a2f9-8ee5-4b29-8d5d-95c5c9c6cd58@googlegroups.com> <ec355e93-2f7d-46f4-bb4b-0754f5b88289@googlegroups.com> <b2gs1lFdgc8U1@mid.individual.net>
Message-ID <40579c6c-a26b-4194-b2a4-6ce085f6e0ae@googlegroups.com> (permalink)
Subject Re: in general for security do you use stored procs only?
From johannes falcone <visphatesjava@gmail.com>



On Thursday, June 20, 2013 10:21:46 AM UTC-7, Robert Klemme wrote:
> On 20.06.2013 00:26, johannes falcone wrote:
> > like someone logs in as the web app, and does select * from *
> > sweeping through that entire database for all info?
>
> And stored procedures help exactly how to prevent that?  You probably
> rather want to look up "SQL injection" with your favorite duckduckgo.
>
> Cheers
>
> 	robert
>
> -- 
> remember.guy do |as, often| as.you_can - without end
> http://blog.rubybestpractices.com/

well injection is beside the point

the idea proclaimed by a storage guru next to me in a meeting, is that web code calls only established predefined queries encased in so called stored procedures

this to me seems quite logical

then anyone trying to grab all the data with a general sweeping sql command will be stymied because the web code is only allowed to run these predefined scripts if u will

so control is kept

seems quite awesome and logical, esp if you can reuse procedures..
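
Added example, not part of the original post: a PostgreSQL sketch of the "predefined queries only" arrangement described above, where the web role can execute one function but has no privileges on the underlying table. The roles `app_owner` and `webapp`, the schemas `app` and `api`, the table and the function are all hypothetical names constructed for illustration.

```sql
-- Constructed schema and roles; run as a superuser in a scratch database.
CREATE ROLE app_owner NOLOGIN;          -- owns the data and the functions
CREATE ROLE webapp LOGIN;               -- the role the web code connects as

CREATE SCHEMA app AUTHORIZATION app_owner;   -- tables live here
CREATE SCHEMA api AUTHORIZATION app_owner;   -- predefined queries live here

SET ROLE app_owner;

CREATE TABLE app.customers (
    id    integer PRIMARY KEY,
    name  text NOT NULL,
    email text NOT NULL
);
INSERT INTO app.customers VALUES (1, 'Alice', 'alice@example.test'),
                                 (2, 'Bob',   'bob@example.test');

-- Predefined query: one row by key, never the whole table.
CREATE FUNCTION api.get_customer(p_id integer)
RETURNS TABLE (name text, email text)
LANGUAGE sql STABLE
SECURITY DEFINER                        -- executes with app_owner's privileges
SET search_path = app, pg_temp          -- pin search_path for SECURITY DEFINER
AS $$
    SELECT c.name, c.email FROM app.customers c WHERE c.id = p_id;
$$;

-- Functions are executable by PUBLIC by default, so revoke that first.
REVOKE ALL ON FUNCTION api.get_customer(integer) FROM PUBLIC;
GRANT USAGE ON SCHEMA api TO webapp;
GRANT EXECUTE ON FUNCTION api.get_customer(integer) TO webapp;
-- webapp is given no USAGE on schema app and no privileges on its tables.

RESET ROLE;

-- Exercise the grants as the web role.
SET ROLE webapp;
SELECT * FROM api.get_customer(1);      -- the predefined query is permitted
SELECT * FROM app.customers;            -- direct table read is rejected: no rights on schema app
RESET ROLE;
```

The restriction comes from the grants, not from the procedures themselves: a function that returns every row, or that builds dynamic SQL from its arguments, hands the web role back the broad access the grants removed.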



Thread

in general for security do you use stored procs only? johannes falcone <visphatesjava@gmail.com> - 2013-06-18 12:03 -0700
  Re: in general for security do you use stored procs only? Robert Klemme <shortcutter@googlemail.com> - 2013-06-19 06:31 -0700
    Re: in general for security do you use stored procs only? johannes falcone <visphatesjava@gmail.com> - 2013-06-19 15:26 -0700
      Re: in general for security do you use stored procs only? Robert Klemme <shortcutter@googlemail.com> - 2013-06-20 19:21 +0200
        Re: in general for security do you use stored procs only? johannes falcone <visphatesjava@gmail.com> - 2013-08-11 20:45 -0700
