So if some parts of the code are prone to SQL injection, at least the user can’t write anything to the database if he happens to be using the front end which does not have universal write access to everything?
Yes, I would say it’s good practice to have users connect using accounts that only allow the least privileges they need to use the site. If your web users should only be reading data from the database then I would definitely create an account that only has read access and have them hit the DB through that.
The more important thing would be to secure your web application. You can still be a victim of a devastating SQL Injection attack even if a user does not write to your database (think stolen credit card numbers or passwords).
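
Both points from the answer above, as an added example that is not part of the original answer: a read-only connection rejects writes, yet a concatenated query still leaks every row, while the parameterized form does not. SQLite's `mode=ro` stands in for a read-only database account; the table, sample data and function names are assumptions made for illustration.

```python
import os
import sqlite3
import tempfile

def build_db(path):
    """Create constructed sample data over a normal read-write connection."""
    rw = sqlite3.connect(path)
    rw.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    rw.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    rw.commit()
    rw.close()

def open_read_only(path):
    # Stand-in for a least-privilege account: mode=ro rejects every write.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def lookup_vulnerable(conn, name):
    # User input concatenated into the statement: injectable.
    sql = "SELECT name, password_hash FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Bound parameter: the input is only ever treated as a value.
    sql = "SELECT name, password_hash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def write_blocked(conn):
    """Return True if the connection refuses a write."""
    try:
        conn.execute("DELETE FROM users")
    except sqlite3.OperationalError:
        conn.rollback()
        return True
    return False

def demo():
    path = os.path.join(tempfile.mkdtemp(), "site.db")
    build_db(path)
    conn = open_read_only(path)
    hostile = "x' OR '1'='1"  # constructed hostile input
    result = {
        "write_blocked": write_blocked(conn),
        "leaked_rows": len(lookup_vulnerable(conn, hostile)),
        "safe_rows": len(lookup_safe(conn, hostile)),
        "normal_rows": len(lookup_safe(conn, "alice")),
    }
    conn.close()
    return result

if __name__ == "__main__":
    print(demo())
```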