[AccessD] oT Friday; amused easily

Arthur Fuller artful at rogers.com
Fri Oct 14 14:13:39 CDT 2005


Right on, brother! That is EXACTLY the ticket. NOBODY (but me) gets direct
access to the tables. You do not talk to God, you put some money in the
collection plate and talk to me, then I talk to God on your behalf. LOL.
A.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of David McAfee
Sent: October 14, 2005 2:34 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] oT Friday; amused easily

First of all, by allowing the use of SPs, a developer should not allow
anyone to have direct access to tables.
There is no way that a system that is fully unsecured and allows any general
SQL statement to execute is good practice. Whenever any text parameters are
passed as input parameters, they should be checked for invalid characters
and/or words (', ;, -, SELECT, DROP, TRUNCATE, DELETE, ALTER).

This guy assumes that nobody implements security, even when using SPs. He is
wrong.
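An added example, not part of either message: one way the arrangement described above can look in T-SQL, assuming a SQL Server back end. The table, role and procedure names (`dbo.Customers`, `app_users`, `dbo.usp_FindCustomer`) are hypothetical.

```sql
-- Hypothetical objects: dbo.Customers, app_users, dbo.usp_FindCustomer.
CREATE ROLE app_users;
GO

-- Application users get no direct access to the table.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Customers TO app_users;
GO

CREATE PROCEDURE dbo.usp_FindCustomer
    @LastName nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;

    -- Check the text parameter for the characters and words listed in the
    -- message. Inside [...] the hyphen is placed last so it is a literal,
    -- and '' is an escaped single quote. Word matches follow the column or
    -- database collation (case-insensitive by default).
    IF @LastName LIKE '%['';-]%'
       OR @LastName LIKE '%SELECT%'
       OR @LastName LIKE '%DROP%'
       OR @LastName LIKE '%TRUNCATE%'
       OR @LastName LIKE '%DELETE%'
       OR @LastName LIKE '%ALTER%'
    BEGIN
        RAISERROR('Invalid characters or words in @LastName.', 16, 1);
        RETURN;
    END;

    -- @LastName is used as a typed value here; it is never concatenated
    -- into SQL text, so it cannot change the statement that runs.
    SELECT CustomerID, FirstName, LastName
    FROM dbo.Customers
    WHERE LastName = @LastName;
END;
GO

-- The only way in for application users is EXECUTE on the procedure.
-- The procedure and the table share an owner (dbo), so ownership chaining
-- lets the procedure read the table although the caller cannot.
GRANT EXECUTE ON dbo.usp_FindCustomer TO app_users;
GO
```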



