Re: storedproc.edit: "select permission denied" when assigning to a field

From: Jeremy (jeremy)
Date: 02/08/05 

Date: Tue, 8 Feb 2005 14:46:07 -0800

Del, pardon me if I disagree with your statements.

First, people who are concerned with security prefer NOT giving end users
direct table permissions, but only giving them exec rights to stored
procedures.

I think you're also suggesting that there be a single userid that everyone
uses. Sorry, that would be a very serious security problem that we could
not tolerate. If you mean using an application role to control access, that
would be ok (but each user still should have to authenticate with their own
unique login). This app doesn't happen to use an application role, but I
have other apps that do use them successfully.

As for tadostoredproc being buggy, I don't think so. I have hundreds of
them in use in various apps, and they work extremely well, and very, very
fast -- even across the internet. In fact I have several that return
multiple recordsets. Saves a vast amount of latency which can be an
app-killer across the net.

In the specific case I raised, the behavior doesn't qualify as a bug. True,
I didn't understand how it worked, but now I know.

Jeremy

"Del M" <Del.Murray@CreditHawk.Net> wrote in message
news:42090c7c@newsgroups.borland.com...
> you should be using a sql userid that has the correct permissions for the
> application. If one user logged in under that userid can perform the
> operation then all users under that id can. Go with the tadodataset, your
> life will be simpler. Tadostoredproc is for executing stored procedures
> that
> dont return data, to use it any other way is probably going to get you a
> lot
> of grief, IIRC it is a little buggy.
>
>

Relevant Pages

  • Re: FxCop App Security
    ... this applies to normal .NET apps and not ASP.NET apps. ... information on what security settings should be used when running the app on ... > This is used to indicate the minimum permissions your assembly require... ... > Microsoft Online Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Permissions
    ... Then i would just use the sysinternal tools to understand more of whats ... many directorys (i have a Like issue having to run old apps based on NT ... who has to deside on a security model and a standard image. ... > write permissions in order for some of your apps to work, ...
    (Security-Basics)
  • security using windowsprincipal class
    ... When the user logs on and is in the security group "school", ... group but doesnt log back in, he still has permissions to run the ... 'get the current userid domain\username ...
    (microsoft.public.dotnet.general)
  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)
  • Re: Are bad developer libraries the problem with M$ software?
    ... rarely poeple on security lists. ... If you want to add language specific content to the OWASP Guide feel ... > I think that most on the list would agree that, overall, most web apps are ... > programmers when they haven't been offered a clue. ...
    (SecProg)