by derpmeister 5094 days ago
It would be a silly thing to do because you keep exactly the same problem you'd have without stored procedures. Would the client you're writing rather execute something along the lines of

  SELECT sp_enroll("bob\"); DROP TABLE students; --");
or

  SELECT sp_enroll("bob"); DROP TABLE students; --");
?

At least if you grant the user only SELECT and EXECUTE privileges and define the procedures using the SECURITY DEFINER property, you could still prevent this type of damage. (This relies on the procedures being as strict as possible, or the whole scheme essentially fails.)
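An added illustration of the point made in the comment above (example code written for this page, not the commenter's): building the procedure call by pasting user input into SQL text is injectable whether or not the work happens in a stored procedure, while passing the same input as a bound parameter is not. SQLite has no stored procedures, so a user-defined function named `sp_enroll` stands in for one (an assumption of the example), and the strings use standard single quotes where the comment used double quotes. The "strict procedure" part of the comment is modelled by having `sp_enroll` refuse anything that is not a plain name; the SELECT/EXECUTE privilege and SECURITY DEFINER scheme is not something SQLite can demonstrate and is left out.

```python
import sqlite3

# Constructed sample input: the injection pattern from the comment, with
# single quotes (standard SQL string delimiters) instead of double quotes.
HOSTILE_NAME = "bob'); DROP TABLE students; --"


def make_connection():
    """Return an in-memory database with a 'students' table and a stand-in
    for sp_enroll. SQLite has no stored procedures, so a user-defined
    function plays that role here (an assumption of this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    enrolled = []  # records what the "procedure" actually accepted

    def sp_enroll(name):
        # A "strict" procedure: accept only letters and spaces, reject the rest.
        if not name or not all(c.isalpha() or c == " " for c in name):
            return 0
        enrolled.append(name)
        return 1

    conn.create_function("sp_enroll", 1, sp_enroll)
    return conn, enrolled


def students_table_exists(conn):
    """True while the 'students' table is still present."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='students'"
    ).fetchone()
    return row[0] == 1


def enroll_by_concatenation(conn, name):
    """The pattern the comment warns about: the procedure call is built by
    pasting user input into SQL text. executescript() is used because the
    resulting text may contain more than one statement, which is exactly
    what the hostile input exploits. Returns whether the table survived."""
    sql = "SELECT sp_enroll('" + name + "');"
    conn.executescript(sql)
    return students_table_exists(conn)


def enroll_by_parameter(conn, name):
    """Same procedure, but the name travels as a bound parameter: whatever
    it contains is one string value, never SQL. Returns the procedure's
    result (1 accepted, 0 rejected) and whether the table survived."""
    result = conn.execute("SELECT sp_enroll(?)", (name,)).fetchone()[0]
    return result, students_table_exists(conn)


if __name__ == "__main__":
    conn, _ = make_connection()
    print("concatenation, table intact:", enroll_by_concatenation(conn, HOSTILE_NAME))
    conn, enrolled = make_connection()
    print("parameter, (result, table intact):", enroll_by_parameter(conn, HOSTILE_NAME))
    print("parameter, benign name:", enroll_by_parameter(conn, "bob"), enrolled)
```

With the concatenated call the text sent to the database is `SELECT sp_enroll('bob'); DROP TABLE students; --');`, so the procedure runs for "bob" and the DROP runs right after it. With the bound parameter the whole hostile string arrives inside `sp_enroll` as its argument, where the procedure's own input check rejects it and the table is untouched.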