为什么存储过程比普通查询更安全 [英] why stored procedure is more secure than normal query
本文介绍了为什么存储过程比普通查询更安全的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
即使存储过程是预编译的数据库对象我们怎么能说它比普通的Sql查询更安全?在什么基础上我们可以这样说?有没有人可以说明这种情况?
解决方案
- 您可以直接向基础表授予权限
- 所有真实底层架构信息可以封装/隐藏
- SP也可以加密
除了第一个答案中所说的,存储过程减少了SQL注入攻击的可能性。
了解更多关于此此处 [ ^ ]。
< blockquote class =FQ>
- 执行计划保留和重用
- 查询自动参数化
- 业务规则和策略的封装
- 应用程序模块化
- 在应用程序之间共享应用程序逻辑
- 访问安全且统一的数据库对象
- 一致,安全的数据修改
- 网络带宽保护
- 支持系统启动时自动执行
- 增强的硬件和软件功能
- 提高安全性
- 降低开发成本并提高可靠性
- 常规例程的集中安全性,管理和维护
SQL SERVER - 存储过程的优势和最佳优势 [ ^ ]
Hi,
Even though stored procedure is precompiled database object how we can say it is more secure than normal Sql query?On what basis we can say like this?Could anyone illustrate the scenario?
解决方案
- You can grant permissions directly to the underlying tables
- all the real-underlying schema information can be encapsulated/hidden away
- SPs can be encrypted too
Apart from what was said in the first answer, stored procedures reduce chances of SQL Injection attacks.
Read more about this here[^].
- Execution plan retention and reuse
- Query auto-parameterization
- Encapsulation of business rules and policies
- Application modularization
- Sharing of application logic between applications
- Access to database objects that is both secure and uniform
- Consistent, safe data modification
- Network bandwidth conservation
- Support for automatic execution at system start-up
- Enhanced hardware and software capabilities
- Improved security
- Reduced development cost and increased reliability
- Centralized security, administration, and maintenance for common routines
SQL SERVER – Stored Procedures Advantages and Best Advantage[^]
这篇关于为什么存储过程比普通查询更安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
