Security of accounts

No, we're not going to talk about default passwords, even though some databases (e.g. MySQL) are guilty of setting a simple and widely known system password after installation. Nor will we talk about the fact that a password must be complex; this rule applies to all areas of IT and should be known even to a novice user. We are going to talk about databases.
As my experience shows, programmers developing corporate software very often use a single account to access the database. The parameters of this account are written directly into the program, and access to individual modules (accounting, warehouse, HR, etc.) is enforced in program code. On the one hand, this method is convenient: the program can connect to the database with administrative rights, and nobody has to struggle with roles and with assigning rights on tables. On the other hand, it is far from safe. The skill level of users in our country is growing, and your company's employees may be quite familiar with security and hacking. Having learned the name and password under which the program connects to the database, an ordinary user gains more capabilities than you intended.
The SQL language is neither a secret nor too complex, and there are many programs with which anyone can easily view any data in a database. Knowing that name and password, anyone can steal all the information, and in a couple of days it will turn up at any disk stall.
A user name and password should never be stored in the program. Access to the program itself must also be restricted and impossible for a third party. It would be logical to combine the two authorizations, for the database and for the program, into one. Each user in the organization needs a separate account on the database server with the minimum necessary permissions, and it is this name and password that should be used to log in to the program. The logic is common and very effective: if the program was able to log in to the database with the data entered, access is allowed; if not, program execution must be terminated. Simple and effective, because we have used the database's own authorization.
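The login flow described above, as an added example that is not code from the original article: the program stores no account and simply tries to open a database session with what the user typed. The `connect` parameter is assumed to be a DB-API 2.0 connect function that accepts `user=` and `password=` keywords (as `pymysql.connect` does); `demo_connect`, the host name and the sample accounts are constructed so the example runs offline.

```python
import getpass
import sys


class AccessDenied(Exception):
    """The database server did not accept the credentials the user typed."""


def open_user_session(connect, user, password, **server):
    """Connect as the end user. Nothing is stored in the program: the only
    credentials ever used are the ones typed at start-up.

    `connect` is assumed to be a DB-API 2.0 connect function taking
    user= and password= keywords."""
    if not user or not password:
        raise AccessDenied("empty user name or password")
    try:
        return connect(user=user, password=password, **server)
    except Exception:
        # Any failure (bad password, unknown account, server unreachable)
        # ends the same way; driver detail is not shown to the user.
        raise AccessDenied(f"database login failed for {user!r}") from None


def demo_connect(user, password, **_server):
    """Constructed stand-in for a real driver. The accounts and passwords
    are invented sample values, one account per employee."""
    accounts = {"a.ivanova": "S4mple-only!", "warehouse_clerk": "An0ther-sample"}
    if accounts.get(user) != password:
        raise ConnectionError("access denied")
    return {"connected_as": user}  # a real driver returns a connection object


def main(connect=demo_connect):
    user = input("Database user: ").strip()
    password = getpass.getpass("Password: ")
    try:
        conn = open_user_session(connect, user, password, host="db.example.internal")
    except AccessDenied as err:
        sys.exit(f"Access denied: {err}")  # stop the program, as the text requires
    print("Logged in as", user)
    return conn


if __name__ == "__main__":
    main()
```

What each user can do after logging in is then decided by the rights granted to that account on the database server, not by checks inside the program.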