Nobody has mentioned this yet, so I thought I might. I will refrain from the stored procedures vs. dynamically generated SQL wars (I have used only the latter).

SQL has identities, and most of the SQL games could be stopped by using a sharply limited identity to query the database (column, table and database access control is included in standard SQL). Obviously this is not a substitute for programming it properly in the first place, but it could limit the damage. In particular, the code that can be manipulated to change prices in multiple shopping carts (ISS X-Force, 3rd of February) does not need an identity that can change the prices. I suspect the wwwthreads code, RFP2K01 (also 3rd of February), does not need write access for its intended results.

Am I missing something, or are the database queries not doing the moral equivalent of running everything as root and hoping the, usually sadly lacking, input validation saves the system? If this is completely clueless for servers and cgi programs, what makes it somehow acceptable for accessing databases which include serious access controls? Is minimum privilege no longer a good idea?

BTW, if the answer to the question above is that the current practice is clueless, then I am guilty of doing it myself :-) Next time I will hopefully use more clues and the access controls provided.

-- Duncan (-:

"software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."
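The "sharply limited identity" the post argues for, written out as an added example in PostgreSQL-flavoured SQL (this is illustration added here, not code from the post or from either of the advisories it cites). The tables, column names and role names are assumed for the example; the pattern is the same one the post suggests for the wwwthreads case, where a display-only page would get an identity with SELECT and nothing else.

```sql
-- Added illustration (not from the original post): one database identity per
-- job for a shopping-cart application. Schema, table and role names are
-- assumed for the example; the passwords are placeholders.

CREATE TABLE products (
    id     INTEGER        PRIMARY KEY,
    name   TEXT           NOT NULL,
    price  NUMERIC(10, 2) NOT NULL
);

CREATE TABLE carts (
    id        INTEGER PRIMARY KEY,
    customer  TEXT    NOT NULL
);

CREATE TABLE cart_items (
    cart_id     INTEGER NOT NULL REFERENCES carts (id),
    product_id  INTEGER NOT NULL REFERENCES products (id),
    quantity    INTEGER NOT NULL CHECK (quantity > 0),
    PRIMARY KEY (cart_id, product_id)
);

-- The web front end connects as cart_app. Price maintenance is done under a
-- separate identity that the CGI code never holds credentials for.
CREATE ROLE cart_app      LOGIN PASSWORD 'placeholder-change-me';
CREATE ROLE catalog_admin LOGIN PASSWORD 'placeholder-change-me';

-- Default deny: remove anything the PUBLIC pseudo-role may already have.
REVOKE ALL ON products, carts, cart_items FROM PUBLIC;

-- The front end may read the catalogue but never write it. A query that is
-- manipulated through missing input validation still cannot alter a price,
-- because the identity running it has no UPDATE right on the table.
GRANT SELECT ON products TO cart_app;

-- It may create, read and remove carts and line items ...
GRANT SELECT, INSERT, DELETE ON carts, cart_items TO cart_app;
-- ... and update only the quantity column of a line item (column-level
-- privilege, part of standard SQL and supported by PostgreSQL).
GRANT UPDATE (quantity) ON cart_items TO cart_app;

-- Only the back-office identity can change what things cost.
GRANT SELECT ON products TO catalog_admin;
GRANT UPDATE (name, price) ON products TO catalog_admin;

-- Check while connected as cart_app: this must be refused with a permission
-- error. If it succeeds, the grants above were not applied as intended.
-- UPDATE products SET price = 0.01 WHERE id = 1;
```

The check at the end is the one worth automating in a deployment test: connect with the application's credentials and confirm that a write to a table it should only read is rejected by the database itself, independently of what the application code does.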
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:11 PDT