SGreen@stripped writes:
[...]
> Your application will still need access to the data it gets from
> MySQL, so changing your MySQL permissions doesn't make any sense,
> does it? It's your application that needs to say "no" to the
> user. You don't want MySQL saying "no" to your application. Do you?
Having multiple layers of security is generally a good design (often
called "Security in depth" or "Defense in depth"). That way, if
there's a flaw in your application, the damage is limited. If you
think that's unlikely to happen, then you're not paying attention:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sql+injection
----ScottG.
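To make the "damage is limited" point concrete, here is an added example (not from either poster) of what a least-privilege MySQL grant looks like next to the over-privileged account it replaces. The database `shop`, the tables `products` and `orders`, the account names and the placeholder passwords are all assumptions for illustration; the statements themselves are standard MySQL `CREATE USER`/`GRANT` syntax.

```sql
-- Added example, not from the original thread. Assumes a hypothetical
-- database `shop` with tables `products` and `orders`, and a web
-- application that connects as a dedicated MySQL account from localhost.
-- Account names and passwords are placeholders.

-- The account most tutorials hand out: if any query the application
-- builds is injectable, the attacker can read every schema on the server
-- (including mysql.user), drop tables, write files with INTO OUTFILE,
-- and create new privileged users. The application bug becomes a
-- full server compromise.
CREATE USER 'webapp_all'@'localhost' IDENTIFIED BY 'change-me';
GRANT ALL PRIVILEGES ON *.* TO 'webapp_all'@'localhost' WITH GRANT OPTION;

-- The least-privilege replacement: only the statements and tables the
-- application actually issues. The same injection now yields an
-- "access denied" error for anything outside these grants, so a
-- UNION SELECT against mysql.user, a DROP TABLE, or a SELECT ... INTO
-- OUTFILE fails even though the application-level flaw is still there.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'change-me';
GRANT SELECT ON shop.products TO 'webapp'@'localhost';
GRANT SELECT, INSERT ON shop.orders TO 'webapp'@'localhost';
-- Deliberately absent: UPDATE/DELETE on products, DROP, ALTER, FILE,
-- GRANT OPTION, and any access to other schemas.

-- Jobs that genuinely need more (schema migrations, reporting) get their
-- own accounts with their own grants instead of widening `webapp`.
CREATE USER 'reporting'@'localhost' IDENTIFIED BY 'change-me';
GRANT SELECT ON shop.* TO 'reporting'@'localhost';

-- Verify what an account can really do before deploying with it.
SHOW GRANTS FOR 'webapp'@'localhost';
```

The application still has to validate input and use parameterised queries; the grants do not fix the injection, they cap what a successful one can reach, which is exactly the second layer the reply above is asking for. `SHOW GRANTS` is worth running after every change, since a stray `GRANT ALL` from an earlier setup survives alongside the narrower grants until it is explicitly revoked.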