I don't need the pages to look for SQL injection opportunities... just the url. But for now just do the two user technique. Unless they have your admin username and password or the database username and password to access it directly, it will do the trick.