Need more than one database user

Discussion in 'Databases' started by goinggoneco, Sep 14, 2004.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. Guys,

    It is an important security consideration to give at least two SQL users per database account. One user/password is kept for admin purposes only and the other can be used by the web application to run the specified Stored Procedures (only) that the web application has been granted.

    Having to have only one user/password basically goes against the recommended best practise of locking down dbms accesses to the bare-minimum stored procedures that operate your web site.

    If the web server is compromised and the user/password is obtained from the connection string (likely scenario), the hacker can only run the stored procedures and this can greatly mitigate the amount of damage to the database.

    It is really fairly limiting security-wise to have a single dbms login only.

    Your thoughts?

    David
     
  2. I agree. Posted a suggestion and received a reply. "Your suggestion has been sent to management."

    Humm.

    It would be nice.

    Neil
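
The two-user arrangement described in the first post, sketched as an added example that is not part of the original thread. It assumes Microsoft SQL Server 2012 or later (the thread does not name a DBMS) and a scratch database; every table, procedure, role and user name is hypothetical.

```sql
-- Added example: T-SQL, run as a database owner in a scratch database.
-- All names are hypothetical.
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY PRIMARY KEY,
    CustomerId INT NOT NULL,
    Total      DECIMAL(10,2) NOT NULL
);
GO

CREATE PROCEDURE dbo.usp_GetOrdersForCustomer @CustomerId INT
AS
    SELECT OrderId, Total FROM dbo.Orders WHERE CustomerId = @CustomerId;
GO

-- Users are created WITHOUT LOGIN so the demo needs no passwords;
-- in a real deployment each one maps to its own login.
CREATE USER site_admin WITHOUT LOGIN;  -- admin only, never in the web connection string
CREATE USER site_web   WITHOUT LOGIN;  -- the identity the web application connects as
ALTER ROLE db_owner ADD MEMBER site_admin;

-- The web user gets EXECUTE on named procedures and nothing else.
CREATE ROLE web_procs;
ALTER ROLE web_procs ADD MEMBER site_web;
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrdersForCustomer TO web_procs;

-- Guard against a later stray grant of direct table access.
DENY SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO web_procs;
GO

-- Check effective rights as the web user. The procedure still reads the
-- table because both have the same owner (ownership chaining).
EXECUTE AS USER = 'site_web';
SELECT HAS_PERMS_BY_NAME('dbo.usp_GetOrdersForCustomer', 'OBJECT', 'EXECUTE') AS can_exec_proc,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')                    AS can_select_table;
REVERT;
GO

-- Audit: every permission recorded for the web user and its role.
SELECT pr.name AS principal, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE pe.class_desc
            WHEN 'SCHEMA'           THEN SCHEMA_NAME(pe.major_id)
            WHEN 'OBJECT_OR_COLUMN' THEN OBJECT_NAME(pe.major_id)
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN ('web_procs', 'site_web');
```

Dynamic SQL inside a procedure runs outside the ownership chain, so a procedure that builds its query as a string would hit the DENY and also reopens the injection path this design is meant to close.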
     