I am referring to OWASP for SQL injection prevention and have two queries:
(1) What is "embedded parameters" related to parameterized stored procedures? - I couldn't find any difference between parameters and embedded parameters.
(2) Which one is better -
(a) Parametrized stored procedures with the principle of least privilege //Clubbing additional defense & high priority defense
(b) Parameterized stored procedures with the embedded parameters
- I think option (a) depends on the policy where you use stored procedures everywhere, so unless specified option (b) is more correct.
OWASP - https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Least_Privilege