Description

When using SQL for Confluence on sites with untrusted users, you may need to employ security measures to control its use. This page describes some of the techniques for doing so. In some cases you may want to combine multiple techniques, depending on factors such as the database being accessed. For instance, macro security can be applied no matter which other techniques you use.

...

  • Enables trusted users to provide important content.
  • Controlled at the user, group, and database level.

...

  • Controls what database operations are allowed.
  • Eases concerns for database or security administrators.

...

Restrict access to query only.

...

Only pre-defined SQL can be run.

...

Data shown based on user id and role.

...

Prevent SQL injection attacks by using parameter markers. This is only necessary when the SQL statements are partially constructed from user input - for example, using the RUN. See Wikipedia: SQL injection. Parameter markers are supported by SQL for Confluence.

...

Prevent SQL injection attacks when users are allowed to provide statement construction input.
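
The difference between a statement built from user input and one that uses a parameter marker, as an added example that is not taken from the SQL for Confluence documentation. It uses Python's sqlite3 module as a stand-in database; the table, the sample rows and the function names are constructed for illustration, and the macro's own parameter syntax is not shown here.

```python
import sqlite3


def make_db():
    """Build a small in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT, space TEXT, restricted INTEGER)")
    db.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [("Home", "DOC", 0), ("Roadmap", "DOC", 0), ("Payroll", "HR", 1)],
    )
    return db


def titles_concatenated(db, space):
    # Weak form: the user input becomes part of the statement text, so a quote
    # in the input can close the string literal and change the WHERE clause.
    sql = ("SELECT title FROM pages WHERE restricted = 0 AND space = '"
           + space + "' ORDER BY title")
    return [row[0] for row in db.execute(sql)]


def titles_with_marker(db, space):
    # Hardened form: the statement text is fixed. The ? marker is bound to the
    # input as a value, so it is only ever compared with the space column.
    sql = ("SELECT title FROM pages WHERE restricted = 0 AND space = ? "
           "ORDER BY title")
    return [row[0] for row in db.execute(sql, (space,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "DOC' OR '1'='1"  # constructed input containing a quote
    print("concatenated, normal :", titles_concatenated(db, "DOC"))
    print("concatenated, crafted:", titles_concatenated(db, crafted))
    print("marker, normal       :", titles_with_marker(db, "DOC"))
    print("marker, crafted      :", titles_with_marker(db, crafted))
```

With the concatenated statement, the crafted input returns the restricted row as well; with the marker, the same input matches no space name and returns nothing.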

...

Confluence database access

...

Include Page
SUPPORT:How to use SQL macros securely