Thursday, December 13, 2007

The Principle of Least Privilege

A given user or body of code should be given only as much privilege as necessary to carry out its assigned tasks, nothing more.

In an RDBMS scenario, the code that accesses the RDBMS should have only the basic SELECT/INSERT/UPDATE/DELETE permissions, and only on the tables it actually accesses. That way, if the code falls prey to an SQL-injection attack, the restricted database access keeps the injected SQL from doing anything beyond those operations on those tables.
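As an added example (not part of the original post), the RDBMS setup above written out as PostgreSQL grants: the over-privileged configuration beside the least-privilege one. The role names, table names, schema and sequence name are constructed for illustration.

```sql
-- Added example in PostgreSQL syntax; every object name here is constructed.

-- Over-privileged: the application connects as a superuser or as the table owner.
-- Injected SQL then runs with the same rights: read any table, alter schema, drop data.
-- CREATE ROLE app_admin LOGIN SUPERUSER PASSWORD 'placeholder';   -- the weak setting

-- Least-privilege account for the application code.
CREATE ROLE app_user LOGIN PASSWORD 'placeholder';

-- Start from nothing: strip rights the role would otherwise pick up through PUBLIC.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM app_user;
GRANT USAGE ON SCHEMA public TO app_user;

-- Only the tables this code path touches, only the DML it actually issues.
GRANT SELECT, INSERT, UPDATE, DELETE ON customers, orders TO app_user;
GRANT USAGE, SELECT ON SEQUENCE orders_id_seq TO app_user;  -- serial ids on INSERT
GRANT SELECT ON products TO app_user;                        -- read-only is enough here

-- Nothing on tables the code never uses (audit_log, users), no CREATE, no ownership.
-- Schema changes run under a separate migration role, never under app_user.

-- Check what the role can actually do; anything beyond the lines above is a finding.
SELECT grantee, table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee = 'app_user'
 ORDER BY table_name, privilege_type;
```

The restricted account still executes whatever SQL the application sends, so an injection can still modify rows in customers or orders; least privilege bounds the damage, while parameterized queries remove the injection itself.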
