That is fine if you have full control over the server but if you are in a shared environment you may not have control over the creation of users. You would then have to use a dbo user.
Pete Lundrigan
Media Resources Center
Academic Web Support
316.978.7759
http://www.mrc.twsu.edu/
[EMAIL PROTECTED]

-----Original Message-----
From: Remie Bolte [mailto:asplist@;vinrem.nl]
Sent: Thursday, November 07, 2002 10:56 AM
To: ActiveServerPages
Subject: Re: SQL query

I just read that article, but I'm amazed thinking that there actually are programmers that execute a query in SA or Dbo user context. It's so easy to just secure your database using a sqlserver username/password and only allowing that user to execute SP, or custom select/insert/update functionalities.

I understood that even before I knew which datatype I had to use in my tables (which I still don't :)

regards

remie bolte

----- Original Message -----
From: "Lonnie.Kraemer" <[EMAIL PROTECTED]>
To: "ActiveServerPages" <[EMAIL PROTECTED]>
Sent: Wednesday, November 06, 2002 6:27 PM
Subject: Re: SQL query

> ---------------------
> I guess because some of us are not familiar with the application of
> replace to accomplish this.
>
> <further_inquiry>
>
> Do you know where we could get some samples or documentation on this
> practice? I think we all want more efficient code.
>
> </further_inquiry>
> ---------------------
>
> Google for 'sql injection' for tons of info. Here's one:
> http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3
>
> --
> Lonnie Kraemer
> -----------------------------------------
>
> ---
> You are currently subscribed to activeserverpages as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to %%email.unsub%%
> ---
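
The least-privilege setup discussed in this thread, as an added example that is not part of any poster's message: a dedicated SQL Server login that may only execute one stored procedure and has no rights on the table behind it. All object, login and user names are hypothetical, the password is a placeholder, and the script assumes you have the rights to create logins, which a shared host may not grant.

```sql
-- Added example (T-SQL). Table, procedure, login and user names are
-- hypothetical; GO is the batch separator used by sqlcmd and SSMS.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL
);
GO

-- The web application only ever calls this procedure. The input arrives
-- as a typed parameter, so no SQL text is built from user-supplied strings.
CREATE PROCEDURE dbo.GetCustomerByEmail
    @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Email
    FROM dbo.Customers
    WHERE Email = @Email;
END;
GO

-- Dedicated login for the web application instead of sa or a dbo user.
-- Placeholder password: replace it before use.
CREATE LOGIN web_app_login WITH PASSWORD = 'Replace-Me-0nly-A-Placeholder!';
CREATE USER web_app_user FOR LOGIN web_app_login;

-- The only right granted is EXECUTE on the one procedure.
GRANT EXECUTE ON OBJECT::dbo.GetCustomerByEmail TO web_app_user;

-- Direct table access is denied outright. The procedure still works:
-- it and the table share an owner (dbo), so ownership chaining skips
-- the permission check on the table when the procedure runs.
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Customers TO web_app_user;
GO

-- Check the effective permissions from the application user's context.
EXECUTE AS USER = 'web_app_user';
SELECT
    HAS_PERMS_BY_NAME('dbo.GetCustomerByEmail', 'OBJECT', 'EXECUTE') AS can_exec_proc,
    HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'SELECT')           AS can_select_table;
EXEC dbo.GetCustomerByEmail @Email = N'someone@example.test';  -- constructed sample value
REVERT;
```

With this in place, an injected statement running under `web_app_user` cannot read or modify `dbo.Customers` directly, whereas the same statement under a dbo user could.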
