Re: EXEC in stored procedure
From: Aaron [SQL Server MVP] (ten.xoc_at_dnartreb.noraa)
Date: 10/26/04
- Next message: Tom Moreau: "Re: One Web Service updates SQL, another can't?"
- Previous message: Steve Ricketts: "Re: One Web Service updates SQL, another can't?"
- In reply to: Magnus Blomberg: "EXEC in stored procedure"
- Next in thread: Magnus Blomberg: "Re: EXEC in stored procedure"
- Reply: Magnus Blomberg: "Re: EXEC in stored procedure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Oct 2004 13:43:53 -0400
> Is the EXEC command inside the SP run as the user? Why?
One reason I can think of is because dynamic SQL is a very serious security
concern, and if you allow any table name -- or any SQL command, for that
matter -- to run, just because the user can run the stored procedure, then a
user can wreak havoc on your system quite easily.
So, the engine verifies permission once it resolves the dynamic SQL...
A
- Next message: Tom Moreau: "Re: One Web Service updates SQL, another can't?"
- Previous message: Steve Ricketts: "Re: One Web Service updates SQL, another can't?"
- In reply to: Magnus Blomberg: "EXEC in stored procedure"
- Next in thread: Magnus Blomberg: "Re: EXEC in stored procedure"
- Reply: Magnus Blomberg: "Re: EXEC in stored procedure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
