Do I have to use Stored Procedures to get query level security or can I still do this with Dynamic S

Posted by Peter Smith on Stack Overflow See other posts from Stack Overflow or by Peter Smith
Published on 2010-05-06T20:24:10Z Indexed on 2010/05/06 20:28 UTC
Read the original article Hit count: 210

Filed under:

stored

|

procedures

|

sql

|

security

|

sql-server

I'm developing an application where I'm concerned about locking down access to the database. I know I can develop stored procedures (and with proper parameter checking) limit a database user to an exact set of queries to execute. It's imperative that no other queries other then the ones I created in the stored procedures be allowed to execute under that user.

Ideally even if a hacker gained access to the database connection (which only accepts connections from certain computers) they would only be able to execute the predefined stored procedures.

Must I choose stored procedures for this or can I use Dynamic Sql with these fine grain permissions?

© Stack Overflow or respective owner

Related posts about stored

Retreive a value inside a stored procedure and use it inside that stored procedure

as seen on Stack Overflow - Search for 'Stack Overflow'
delimiter // CREATE DEFINER=root@localhost PROCEDUREgetData(IN templateName VARCHAR(45),IN templateVersion VARCHAR(45),IN userId VARCHAR(45)) BEGIN set @version = CONCAT("SELECT saveOEMsData_answersVersion FROMsaveOEMsData WHERE saveOEMsData_templateName = '",templateName,"' ANDsaveOEMsData_templateVersion… >>> More
use result set of mysql stored procedure in another stored procedure

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a MYSQL stored procedure SP1() that returns a result set. I want to call SP1() inside of SP2() and loop through the result set of SP1() to do some additional work. I don't want to include my logic from SP1() because it would make SP2() too complicated. Any suggestions? Thanks. >>> More
Creating Stored Procedures in MySQL Using HeidiSQL 4&#146;s Stored Routine Editor

as seen on Internet.com - Search for 'Internet.com'
In the "Write MySQL Queries Using HeidiSQL 4" article, we learned how to connect to a MySQL database and execute queries against it using the free HeidiSQL GUI client. Today, we'll learn how to create a stored procedure using HeidiSQL's Stored Procedure Editor. >>> More
"Parameter type conflict" when calling Java Stored Procedure within another Java Stored Procedure

as seen on Stack Overflow - Search for 'Stack Overflow'
Here's the problem (sorry for the bad english): i'm working with JDeveloper and Oracle10g, and i have a Java Stored Procedure that is calling another JSP like the code: int sd = 0; try { CallableStatement clstAddRel = conn.prepareCall(" {call FC_RJS_INCLUIR_RELACAO_PRODCAT(?,?)} "); clstAddRel… >>> More
Calling stored procedure from another stored procedure and returning result as new columns

as seen on Stack Overflow - Search for 'Stack Overflow'
How to call stored procedure from another stored procedure and return the result as first one's column? ALTER PROCEDURE [dbo].[GetItems] AS SET NOCOUNT ON SELECT ID, AddedDate, Title,Description, Result of Stored Procedure "CountAll" call with parameter ID as Total FROM dbo.Table1 And… >>> More

Related posts about procedures

Drop all stored procedures in MySQL or using temporary stored procedures

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there a statement that can drop all stored procedures in MySQL? Alternatively (if the first one is not possible), is there such thing as temporary stored procedures in MySQL? Something similar to temporary tables? So far, for both tasks, I seem not to find any answers although there were people… >>> More
Creating a Model using Stored Procedures with Zend Framework

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using Zend Framework and I'd like to build a model to perform read/write operations on a database... using stored procedures. I know how stored procedures work, but I have yet to use them within Zend Framework. Is there any built in support for stored procedures that I should know about? What… >>> More
Hibernate and stored procedures

as seen on Stack Overflow - Search for 'Stack Overflow'
As my understanding on setting hibernate, I need to create table meta data file (person.hbm.xml), include all the fields mapping java object (person.java) If we use stored procedures for all transaction, do we still need the above configuration? It seems hibernate and stored procedures will… >>> More
What is your best-practice advice on implementing SQL stored procedures (in a C# winforms applicatio

as seen on Stack Overflow - Search for 'Stack Overflow'
I have read these very good questions on SO about SQL stored procedures: When should you use stored procedures? and Are Stored Procedures more efficient, in general, than inline statements on modern RDBMS’s? I am a beginner on integrating .NET/SQL though I have used basic SQL functionality for… >>> More
Oracle Tutor: Are Documented Policies and Procedures Necessary?

as seen on Oracle Blogs - Search for 'Oracle Blogs'
People refer to policies and procedures with a variety of expressions including business process documentation, standard operating procedures (SOPs), department operating procedures (DOPs), work instructions, specifications, and so on. For our purpose here, policies and procedures mean a set of documents… >>> More