Database permissions and ORMs

Posted by Jonn on Stack Overflow See other posts from Stack Overflow or by Jonn
Published on 2010-05-12T06:03:16Z Indexed on 2010/05/12 6:34 UTC
Read the original article Hit count: 198

Filed under:

orm

|

database-permissions

I've been using .NET's Entity Framework a lot lately and have absolutely no wish to go back to using Stored Procedures. Been shocked though that the company I'm building this project for had a policy where applications were only given accounts that only had permissions to access stored procedures!

Apparently, they believe that there's a security risk involved in allowing applications to access the tables/views directly. I don't get this.

My first question is, can someone enlighten me as to what kind of security risk applications having direct access to the database may pose? AND
If that's the case, are there any other ORM solutions that can provide a workaround to this (I can't think of any logical possibility atm) that would allow me to circumvent the restrictions on the user account to be assigned to me? OR is my understanding that I'd need direct permissions for the tables and views wrong?

© Stack Overflow or respective owner

Related posts about orm

Optimizations employed by ORM's

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm teaching JEE, especially JPA, Spring and Spring MVC. As I have not so much experience in large projects, it is difficult to know what to present to students about optimisation of ORM. At the present time, I present some classic optimisation tricks: prepared statements (most of ORM implicitely… >>> More
Which ORM to use with SQL Azure?

as seen on Stack Overflow - Search for 'Stack Overflow'
Just wondering what everyones thoughts on what ORM to use for SQL Azure? I'm fairly comfortable using LINQ-to-SQL and I believe it is possible to get it working with SQL Azure. However, from my understanding (correct me if I'm wrong), no further improvements will be made to Linq-to-SQL in future… >>> More
PHP Doctrine ORM NestedSet

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, although I read through the manual here: http://www.doctrine-project.org/documentation/manual/1_2/hu/hierarchical-data I couldn't find a way to move a node from a Leaf to become a Root node. Any clues? The question is trivial for inserting a new node...but what about updating a node? >>> More
PHP PSR-0 + several namespaces in one file and autoload

as seen on Programmers - Search for 'Programmers'
I've been thinking for a while about defining several namespaces in one php file and so, having several classes inside this file. Suppose, I want to implement something like Doctrine\ORM\Query\Expr: Expr.php Expr |-- Andx.php |-- Base.php |-- Comparison.php |-- Composite.php |-- From.php |-- Func… >>> More
FOSUserBundle override mapping to remove need for username

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to remove the need for a username in the FOSUserBundle. My users will login using an email address only and I've added real name fields as part of the user entity. I realised that I needed to redo the entire mapping as described here. I think I've done it correctly but when I try to submit… >>> More

Related posts about database-permissions

Database permissions and ORMs

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using .NET's Entity Framework a lot lately and have absolutely no wish to go back to using Stored Procedures. Been shocked though that the company I'm building this project for had a policy where applications were only given accounts that only had permissions to access stored procedures… >>> More
How to setup Database Permissions on SqlServer Express 2008

as seen on Server Fault - Search for 'Server Fault'
I'm using a code-first approach of using the Entity Framework. When I first run the application it will try to create the database matching my MVC models. However, it doesn't have permission to create it I think. I get the following error: CREATE DATABASE permission denied in database 'master'… >>> More
Setting SQL database Permissions for Visual Studio Data Config Wizard

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, Stackoverflow! I'm new to SQL. I have created a new database in SQL Server Management Studio, and am now trying to attach it to a windows forms project in Visual Studio via the built in Data Configuration Wizard. Currently, whenever I try to attach the database file, I get a permissions error: "You… >>> More
What permissions do I need to run SQL*Loader?

as seen on Server Fault - Search for 'Server Fault'
What permissions does a database user need to be able to run oracle's sql loader? For instance, since sql loader will disable indexes and triggers, does it need ALTER permissions for those items? This seems like a simple question, but I can't find any documentation on this in the manual. >>> More
Application Compatibility Clients do not show in MSSQL database, but do show in \AppCompat\

as seen on Server Fault - Search for 'Server Fault'
Application Compatibility Clients are not denied access to the central MSSQL database, but are able to leave their own files in the \AppCompat\ share. The only computer that shows up in the "Microsoft Application Compatibility Manager" database is the the machine i initially created the .MSI installer… >>> More