Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
0
-
Description
Database schemas are a central component of a database architecture. They not only organize the objects within the database, they also serve as access control. Stackoverflow
The standard schemata, such as the "dbo" schema in Microsoft SQL Server, should not be used primarily for security reasons, since an attacker knows exactly the rights and possibilities of a non-secured standard schema and this is therefore a possible weakness. Even if a separate database is used for Bitbucket to which no other application has access, this risk remains. In fact, Bitbucket can even pose a threat to other applications that use the same database instance (keyword permission / ownership chaining).
This can be avoided by always creating a separate schema for an application in a database, as is done for example with Jira.
Note:
JDBC connections unfortunately do not have an argument that allows you to change the schema used.