This is pretty much a solution to a non-problem though. There are -huge- problems in web-application-security for sure. Keeping A from being able to impersonate B when A has complete read-access to the entirety of the database typically isn't among them. Get me right, in principle any improvement is a good thing. You'd be better off fixing SQL-injection in the first place though, as this method primarily defends against that. And it's not as if fixing sql-injection is difficult.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds