Habilis is all about CyberSecurity
SO, here is an answer of a Hukker
Create a SQLView in teh Database
https://www.w3schools.com/sql/sql_view.asp
example
CREATE VIEW vw_ServerStats AS
SELECT
...
FROM users
WHERE ...
LEFT JOIN ...
ON ...
2 - Create a SQL user
herc_Viewer
With the grant to select
ONLY on
vw_ServerStats
That way if an Evil Hukker such as Habilis uploads a WebShell to your
shitkoded super sophisticated website
and sees your connections string for user
herc_Viewer and his password.
Habilis will not be able (CREATE, EDIT, DELETE) users
Habilis will not be able to CREATE mvp cards and sell them for real money (
Habilis's favorite)
Habilis will not be able to SELECT user info such as Emails and passwords
Only thing Habilis will be able to do is to SELECT info already publically available on your website.
Beware of Hukkers, and don't forget to download your internet anonymity!
:kiss_wink: