| Check | Description |
|---|---|
| | Input passed to data access methods that originates outside the current trust boundary is constrained. Sanitization of input is used only as a defense-in-depth measure. |
| | Stored procedures that accept parameters are used by data access code. If stored procedures are not used, type-safe SQL parameters are used to construct SQL commands. |
| | Least-privileged accounts are used to connect to the database. |
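
The three checks above applied to one lookup function, as an added example that is not part of the original checklist: input is constrained before it reaches the data layer, the query uses a bound parameter, and the connection cannot write. It assumes Python's `sqlite3` with a constructed `users` table; SQLite has no stored procedures or accounts, so the bound-parameter path is shown and `PRAGMA query_only` stands in for a least-privileged login.

```python
import re
import sqlite3

# Constructed sample schema and rows; table and column names are assumptions.
def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (login, email) VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    conn.commit()
    # Stand-in for a read-only, least-privileged account on the lookup path.
    conn.execute("PRAGMA query_only = ON")
    return conn

# Allowlist constraint: known-good character set and length.
LOGIN_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def constrain_login(value):
    """Reject anything that is not a string matching the allowlist."""
    if not isinstance(value, str) or not LOGIN_RE.fullmatch(value):
        raise ValueError("login rejected by input constraint")
    return value

def find_email(conn, login, validate=True):
    """Look up an email; validate=False exists only to show the second layer."""
    if validate:
        login = constrain_login(login)
    # Bound parameter: the value never becomes part of the SQL text.
    row = conn.execute("SELECT email FROM users WHERE login = ?", (login,)).fetchone()
    return row[0] if row else None

def try_write(conn):
    """Return True if this connection is able to modify data."""
    try:
        conn.execute("DELETE FROM users")
        return True
    except sqlite3.DatabaseError:
        return False
```
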