PerlMonks  

Re: Avoiding SQL insecurities

by shemp (Deacon)
on Jul 14, 2004 at 22:03 UTC


in reply to Avoiding SQL insecurities

If you're doing updates from the script this may not be able to happen, but it's always a good idea to severely limit the privileges of the SQL user account that you are connecting to the DB with.

Basically if your script doesn't need a particular SQL privilege, don't give that privilege to the SQL user account that you're using.

I'm thinking in terms of MySQL, which has excellent user management, but your DB may be different, or if you don't get to admin that db, you may be SOL.

Also, NEVER, NEVER embed queries in web pages; if this is a web interface, you're really asking for it there.
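
The privilege limiting described in the post above, sketched for a current MySQL server as an added example that is not part of the original post. The schema `shop`, its tables, and the account names are hypothetical; the broad grant is shown commented out for contrast.

```sql
-- Hypothetical names throughout: schema "shop", tables "products" and "orders",
-- accounts "webapp_ro" and "webapp_orders". Adjust to your application.

-- Too broad for a web script: it could drop tables, read other schemas,
-- or hand its privileges to other accounts.
-- GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'localhost' WITH GRANT OPTION;

-- Read-only account for scripts that only display data.
CREATE USER 'webapp_ro'@'localhost' IDENTIFIED BY 'replace-with-generated-secret';
GRANT SELECT ON shop.products TO 'webapp_ro'@'localhost';

-- Separate account for the one script that has to write.
CREATE USER 'webapp_orders'@'localhost' IDENTIFIED BY 'replace-with-generated-secret';
GRANT SELECT ON shop.products TO 'webapp_orders'@'localhost';
GRANT SELECT, INSERT ON shop.orders TO 'webapp_orders'@'localhost';
-- Column-level grant: this account may change only the status column.
GRANT UPDATE (status) ON shop.orders TO 'webapp_orders'@'localhost';

-- Check what each account can actually do before deploying the scripts.
SHOW GRANTS FOR 'webapp_ro'@'localhost';
SHOW GRANTS FOR 'webapp_orders'@'localhost';
```

With these grants, a query injected through the read-only script cannot modify or delete rows, and one injected through the order script cannot drop tables or touch other schemas.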
