On Tue, Aug 21, 2018 at 1:28 PM, Justin Taylor <JUSTIN@xxxxxxxxxxxxx> wrote:

I think the general MO, is to have web apps run as a fixed user.


thank you. good to know.

The fixed user does seem like a problem. Journaling does not show a
meaningful user name. And, since the PHP code has to have authority to
database tables you have to grant authority to the tables to the fixed
user. ( or go the SP only route. )

having the stored procedure check that the validation list user has
authority to a table also seems problematic in terms of making sure
malicious code is not calling the SP.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.