undefined | Better HN

0 pointsmbreese8y ago0 comments

> The security gain comes from replacing the full capability of the database ("run code on your local machine") with the smaller, whitelisted set of capabilities defined in the stored procedure.

The security gain is that it you are only able to run queries that the DBA allows you to. If you can't write arbitrary queries, you won't get arbitrary results. If you can only run a stored procedure, you are abstracted away from those side effects. Another way of saying this -- the security risk is shifted from the app developer to the DBA. Someone is still writing a query (or procedure code), so there will always be some risk.

0 comments

scarface748y ago

This could also be achieved with a well written microservice/package that developers go through without depending on dba.

thaumasiotes8y ago

It doesn't sound like we disagree?

j / k navigate · click thread line to collapse

0 comments

scarface748y ago

This could also be achieved with a well written microservice/package that developers go through without depending on dba.

thaumasiotes8y ago

It doesn't sound like we disagree?

j / k navigate · click thread line to collapse