User account for web applications (to avoid sql-injection)
From: Mike (Mike_at_discussions.microsoft.com)
Date: 03/28/05
- Previous message: Uri Dimant: "Re: Giving access to manage sql jobs"
- Next in thread: Uri Dimant: "Re: User account for web applications (to avoid sql-injection)"
- Reply: Uri Dimant: "Re: User account for web applications (to avoid sql-injection)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 27 Mar 2005 20:05:01 -0800
Hi,
I have been using 'sa' for my web applications but after reading articles
about sql-injection I want to change the account immediately. Can you please
advise how I should be doing this. what rights should be given to the web
application so that they can do regular, selects, inserts , updates and
deletes(in some cases) at the same time avoid a SQL attack like DROP Table or
other major attacks.
I will be trying to do this at the application level too but I would like to
make sure SQL Server is safe.
I am using sql server 2000 and I have about 12 databases (approximately
10-15 tables in each dB).
- Previous message: Uri Dimant: "Re: Giving access to manage sql jobs"
- Next in thread: Uri Dimant: "Re: User account for web applications (to avoid sql-injection)"
- Reply: Uri Dimant: "Re: User account for web applications (to avoid sql-injection)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
