To give this thread closure:
The vendor said that Sybase 11 makes a distinction between creating
procedures and creating temporary procedures, and Sybase 9 treats all
procedure creating the same and thus they can't give our read-only
account this permission.
So we plan on upgrading to Sybase 11 soon. Thanks for your help!
On Oct 21, 12:12 pm, Michael Bayer <mike...@zzzcomputing.com> wrote:
> On Oct 21, 2011, at 4:02 PM, Firass Asad wrote:
>
>
>
>
>
> > Good day,
>
> > I am having trouble using sqlalchemy with a third-party Sybase 9
> > database with read-only permissions. I believe this is based on the
> > way (certain versions of) Sybase handle prepared statements[1].
>
> > Using pyodbc, this works:
> > results = cursor.execute("select name from table where name='Bob'")
>
> > While this doesn't work:
> > results = cursor.execute("select name from table where name = ?",
> > ["Bob"])
>
> > The error message is the following:
> > ASA Error -121: Permission denied: you do not have permission to use
> > the "CREATE PROCEDURE" statement (262)
>
> > So my question is, is there a way I can use sqlalchemy without using
> > prepared statements? What are my options?
>
> you'd have very limited usage options here, and certainly the ORM would be
> out of the question. You could pretty much only use
> engine/connection.execute() with a straight string.
>
> you should inform the partner you're working with that it's a major security
> hazard for the database to not accept bound parameter sets. Without them,
> all applications are wide open for SQL injection attacks:
> http://en.wikipedia.org/wiki/SQL_injection
--
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To post to this group, send email to sqlalchemy@googlegroups.com.
To unsubscribe from this group, send email to
sqlalchemy+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/sqlalchemy?hl=en.
