Regarding the following OWASP Top-10 Vulnerabilities and database-backed web applications:
Insecure Direct Object References
Can these not be solved by using a database that supports Row Level Security and by creating real user accounts in the database for each user and having them log in to the database as themselves (via the web server)?
Any issues in this approach to be aware of (other than it killing connection pooling)?
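
The approach described in the question, as an added example that is not part of the original post: a PostgreSQL row-level security policy keyed on the connected database role, showing what a direct reference to another user's row returns. PostgreSQL is an assumed choice of database, and the `invoices` table and the roles `app_users`, `alice` and `bob` are constructed for illustration.

```sql
-- Constructed schema and role names, for illustration only (PostgreSQL 9.5+).
CREATE TABLE invoices (
    id     bigserial PRIMARY KEY,
    owner  name NOT NULL DEFAULT current_user,  -- database role that owns the row
    amount numeric(12,2) NOT NULL
);

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who is otherwise exempt. Superusers and BYPASSRLS roles are always exempt.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- USING filters the rows visible to SELECT/UPDATE/DELETE;
-- WITH CHECK constrains the rows a session may write.
CREATE POLICY invoices_owner_only ON invoices
    USING (owner = current_user)
    WITH CHECK (owner = current_user);

-- One real database role per application user, sharing table privileges via a group.
CREATE ROLE app_users NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_users;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_users;
CREATE ROLE alice LOGIN IN ROLE app_users;  -- credentials omitted
CREATE ROLE bob   LOGIN IN ROLE app_users;

-- SET ROLE stands in for each user connecting as themselves.
SET ROLE alice;
INSERT INTO invoices (amount) VALUES (100.00);
RESET ROLE;

SET ROLE bob;
INSERT INTO invoices (amount) VALUES (250.00);
-- Direct object reference to alice's invoice: the policy filters the row out.
SELECT id, owner, amount FROM invoices WHERE id = 1;
-- The same filter applies to writes against another user's row: nothing matches.
UPDATE invoices SET amount = 0 WHERE id = 1;
-- Writing a row on behalf of another role is rejected by WITH CHECK.
INSERT INTO invoices (owner, amount) VALUES ('alice', 1.00);
RESET ROLE;
```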