Hi,

Even though a stored procedure is a precompiled database object, how can we say it is more secure than a normal SQL query? On what basis can we say this? Could anyone illustrate the scenario?

- You can grant permissions directly to the underlying tables
- All the real underlying schema information can be encapsulated/hidden away
- SPs can be encrypted too
 
 
Comments
Abhinav S 19-Dec-11 1:15am    
My 5, I added Sql Injection attack as well.
Amir Mahfoozi 19-Dec-11 1:19am    
+5 good points.
thatraja 19-Dec-11 1:28am    
5! See mine for more
Apart from what was said in the first answer, stored procedures reduce chances of SQL Injection attacks.
Read more about this here.
 
 
Comments
koolprasad2003 19-Dec-11 1:18am    
Yes Abhinav, I missed SQL Injection. 5.
Abhinav S 19-Dec-11 1:19am    
Thanks.
Amir Mahfoozi 19-Dec-11 1:18am    
+5 I agree with you.
Abhinav S 19-Dec-11 1:23am    
Thanks Amir.
thatraja 19-Dec-11 1:28am    
5! See mine for more

  1. Execution plan retention and reuse
  2. Query auto-parameterization
  3. Encapsulation of business rules and policies
  4. Application modularization
  5. Sharing of application logic between applications
  6. Access to database objects that is both secure and uniform
  7. Consistent, safe data modification
  8. Network bandwidth conservation
  9. Support for automatic execution at system start-up
  10. Enhanced hardware and software capabilities
  11. Improved security
  12. Reduced development cost and increased reliability
  13. Centralized security, administration, and maintenance for common routines

SQL SERVER – Stored Procedures Advantages and Best Advantage
 
 
Comments
Abhinav S 19-Dec-11 1:34am    
More detailed. 5.
Uday P.Singh 19-Dec-11 2:49am    
5ed :)
Hi,

You can also create a transaction in a stored procedure.

thanks
-Amit.
 
 
Comments
AmitGajjar 19-Dec-11 5:01am    
Why 1+? Isn't it possible in an SP?
Wendelius 19-Dec-11 17:04pm    
Didn't vote 1 for this answer, but I'd guess that the reason behind the downvotes is that you can also use transactions with statements that are executed from the client side. For example, see: SqlTransaction
AmitGajjar 19-Dec-11 23:04pm    
Yes, correct... but it is more preferable from an SP. Anyway, thanks man...
Hi friend,
SQL procedures are better than inline queries because they protect your website from injection, i.e. SQL injection: unauthorized code by which a particular site can be hacked.
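
An added example, not part of the original answers: the T-SQL below illustrates the two security points raised in this thread (EXECUTE-only access to a procedure, and parameter binding against SQL injection), alongside a procedure that loses the injection protection by concatenating its input into dynamic SQL. It targets SQL Server; the table, procedure and user names are hypothetical.

```sql
-- Constructed example for SQL Server; all object names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL
);
GO

-- Safe: @Email is bound as data and is never parsed as SQL text.
CREATE PROCEDURE dbo.GetCustomerByEmail @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Email FROM dbo.Customers WHERE Email = @Email;
END;
GO

-- Unsafe: still a stored procedure, but the input is concatenated into a
-- statement string, so it is parsed as SQL and remains injectable.
CREATE PROCEDURE dbo.SearchCustomers_Unsafe @Email NVARCHAR(256)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Email FROM dbo.Customers WHERE Email = ''' + @Email + N'''';
    EXEC (@sql);
END;
GO

-- Hardened dynamic SQL: keep a placeholder and pass the value separately.
CREATE PROCEDURE dbo.SearchCustomers_Safe @Email NVARCHAR(256)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Email FROM dbo.Customers WHERE Email = @e';
    EXEC sys.sp_executesql @sql, N'@e NVARCHAR(256)', @e = @Email;
END;
GO

-- Least privilege: the application account may run the procedure but
-- has no direct read or write access to the table.
CREATE USER AppUser WITHOUT LOGIN;
GRANT EXECUTE ON OBJECT::dbo.GetCustomerByEmail TO AppUser;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Customers TO AppUser;
GO
```

Dynamic SQL is permission-checked against the caller rather than through ownership chaining, so `AppUser` could run `dbo.GetCustomerByEmail` here but not either `SearchCustomers` procedure, even with EXECUTE granted on them.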
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


