将数据库的读写用户分开是否是一种好的安全做法? [英] Is it a good security practice to have separated read and write users for a database?

问题描述

那么，如果代码的某些部分容易出现sql注入，那么至少用户如果碰巧使用的前端没有对所有内容都具有通用写入权限的情况下，至少不能向数据库写入任何内容?

So if some parts of the code are prone to sql injection, at least the user can't write anything to the database if he happens to be using the front end which does not have universal write access to everything?

推荐答案

是的，我认为让用户使用仅允许他们使用站点所需的最低权限的帐户进行连接是一种很好的做法.如果您的网络用户应该只从数据库中读取数据，那么我肯定会创建一个只有读取权限的帐户，并让他们通过它访问数据库.

Yes, I would say it's good practice to have users connect using accounts that only allow the least privileges they need to use the site. If your web users should only be reading data from the database then I would definitely create an account that only has read access and have them hit the DB through that.

更重要的是保护您的网络应用程序.即使用户没有写入您的数据库(想想被盗的信用卡号或密码)，您仍然可能成为毁灭性 SQL 注入攻击的受害者.

The more important thing would be to secure your web application. You can still be victim of a devastating SQL Injection attack even if a user does not write to your database (think stolen credit card numbers or passwords).

这篇关于将数据库的读写用户分开是否是一种好的安全做法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！