Karsten Hilbert wrote:
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
My interest was more towards the "we get an email" part.
What level do you send that from ? A trigger ?
The web framework does that. The web framework decodes the HTTP request and executes any SQL it thinks the user wants. If there is a permissions error then it sends an email to the administrator.
The underlying idea is that the GET/POST parameters are pretty standard and easy to decode and convert into SQL commands. For instance, by default we assume a page = a table, and lacking any code that overrides that assumption, a request for a page becomes a search request in the table of the same name. This is the first thing a cracker would depend upon if he were trying to pry.
