Karsten Hilbert wrote:
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.

My interest was more towards the "we get an email" part.
What level do you send that from? A trigger?

The web framework does that. The web framework decodes the HTTP request
and executes any SQL it thinks the user wants. If there is a
permissions error then it sends an email to the administrator.
The underlying idea is that the GET/POST parameters are pretty standard
and easy to decode and convert into SQL commands. For instance, by
default we assume a page = a table, and lacking any code that overrides
that assumption, a request for a page becomes a search request in the
table of the same name. This is the first thing a cracker would depend
upon if he were trying to pry.
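
The flow described in this message, as an added sketch that is not part of the thread and not the framework's own code: a page name maps to a table of the same name, the database refuses the read, and the handler records an alert for the administrator. It assumes SQLite's authorizer callback as a stand-in for the database server's privilege check; the table names, the `alerts` list (in place of the e-mail) and the `KNOWN_TABLES` allowlist are hypothetical.

```python
import sqlite3

# Constructed sample setup; every name here is hypothetical.
KNOWN_TABLES = {"news", "patients"}   # tables that exist in the schema
PUBLIC_READABLE = {"news"}            # what the "public" role may read
alerts = []                           # stands in for the e-mail to the administrator

def _authorizer(action, arg1, arg2, dbname, source):
    # Plays the role of the server-side privilege check: any column read
    # on a table outside the public role's grants is denied.
    if action == sqlite3.SQLITE_READ and arg1 not in PUBLIC_READABLE:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT);
        CREATE TABLE patients (id INTEGER, name TEXT);
        INSERT INTO news VALUES (1, 'Clinic hours');
        INSERT INTO patients VALUES (1, 'constructed record');
    """)
    conn.set_authorizer(_authorizer)  # enforced from here on
    return conn

def handle_request(conn, params, client="198.51.100.7"):
    """Default rule: a request for a page is a search on the same-named table."""
    page = params.get("gp_page", "")
    # Identifiers cannot be bound as query parameters, so the page name is
    # only used after it matches a known table name exactly.
    if page not in KNOWN_TABLES:
        return 404, []
    try:
        rows = conn.execute(f'SELECT * FROM "{page}"').fetchall()
    except sqlite3.DatabaseError as exc:
        # The database said no; the handler only reports it.
        alerts.append({"client": client, "page": page, "error": str(exc)})
        return 403, []
    return 200, rows

if __name__ == "__main__":
    db = make_db()
    print(handle_request(db, {"gp_page": "news"}))
    print(handle_request(db, {"gp_page": "patients"}))
    print(alerts)
```
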