Re: User account for web applications (to avoid sql-injection)

From: Uri Dimant (urid_at_iscar.co.il)
Date: 03/28/05


Date: Mon, 28 Mar 2005 07:51:07 +0200

Mike
This article helps you
<http://vyaskn.tripod.com/sql_server_security_best_practices.htm> -------- security best practices

"Mike" <Mike@discussions.microsoft.com> wrote in message
news:09C20956-1324-4D48-AF6B-65EE3AEF1AB3@microsoft.com...
> Hi,
> I have been using 'sa' for my web applications but after reading articles
> about sql-injection I want to change the account immediately. Can you please
> advise how I should be doing this. What rights should be given to the web
> application so that they can do regular selects, inserts, updates and
> deletes (in some cases) and at the same time avoid a SQL attack like DROP Table or
> other major attacks.
> I will be trying to do this at the application level too but I would like to
> make sure SQL Server is safe.
> I am using SQL Server 2000 and I have about 12 databases (approximately
> 10-15 tables in each dB).
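
One way to set up the account the question describes on SQL Server 2000, as an added example that is not part of the original thread. The login, user, role, database and table names (webapp_login, webapp_user, webapp_rw, SalesDb, dbo.Orders, dbo.OrderItems) and the password placeholder are assumptions for illustration.

```sql
-- Added example: least-privilege account to replace 'sa' for a web application.
-- All object names are constructed; substitute your own.

USE master
GO
-- Dedicated SQL login with no server role membership.
EXEC sp_addlogin @loginame = 'webapp_login',
                 @passwd   = '<PLACEHOLDER-strong-password>',
                 @defdb    = 'SalesDb'
GO

-- Repeat the block below in each database the application uses.
USE SalesDb
GO
-- Map the login to a database user and put it in a custom role.
EXEC sp_grantdbaccess @loginame = 'webapp_login', @name_in_db = 'webapp_user'
EXEC sp_addrole       @rolename = 'webapp_rw'
EXEC sp_addrolemember @rolename = 'webapp_rw', @membername = 'webapp_user'
GO

-- Grant only the DML each table needs. DELETE is given per table, not globally.
GRANT SELECT, INSERT, UPDATE         ON dbo.Orders     TO webapp_rw
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.OrderItems TO webapp_rw
GO
-- DROP TABLE is not a grantable permission: it belongs to the table owner and
-- to members of sysadmin, db_owner and db_ddladmin. The role above is in none
-- of them and owns no tables, so an injected DROP TABLE fails with a
-- permission error. Injected statements can still read or change rows in the
-- granted tables, so parameterized queries in the application remain necessary.

-- Verification: list what the role can do and confirm the login is not sysadmin.
EXEC sp_helprotect @username = 'webapp_rw'
EXEC sp_helprolemember @rolename = 'webapp_rw'
SELECT IS_SRVROLEMEMBER('sysadmin', 'webapp_login') AS is_sysadmin  -- expect 0
GO
```

After switching the application's connection string to the new login, change the 'sa' password so the old credentials stored in the web application no longer work.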