Database Security

Use database security measures to further protect your data. Only allow access to the database through stored procedures.

Use a database id that only allows execute privileges on the procedures used by your application. One id can be made available for the public with access to only the appropriate few transactions. ConsenCIS currently provides for four separate levels of user authority corresponding to public, employee, manager and admin privileges.

Keep the admin id out of the website entirely.

Use parameterized calls to the procedures.

Scrub all input. ASP uses querystrings and forms to input data. Every input needs to be examined before either posting it to the database or redisplaying it on the screen.