 How safe/dangerous is this?


WolfShade
Starting Member

3 Posts

Posted - 2012-02-02 : 19:51:11
I just ran a query that gives public permission to execute (in the master database, 'sys' schema) sp_OASetProperty, sp_OAMethod, sp_OAGetErrorInfo, sp_OADestroy, sp_OAStop, sp_OACreate, and sp_OAGetProperty. How dangerous is this?

I did so because of some added RegEx functionality. Very nice RegEx, and I dislike the idea of losing the RegEx objects. But how dangerous (seriously) is it to grant execute permission to public for the above? If it's dangerous, I'll get rid of the RegEx.

Thank you,

^_^

WolfShade
Starting Member

3 Posts

Posted - 2012-02-07 : 13:17:14
Anyone?

X002548
Not Just a Number

15586 Posts

Posted - 2012-02-07 : 13:43:03
Sorry..can't help...don't use those...but I do know they are dangerous..memory leaks..etc

Brett

8-)

Hint: Want your questions answered fast? Follow the direction in this link
http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspx


Want to help yourself?

http://msdn.microsoft.com/en-us/library/ms130214.aspx

http://weblogs.sqlteam.com/brettk/

http://brettkaiser.blogspot.com/



GilaMonster
Master Smack Fu Yak Hacker

4507 Posts

Posted - 2012-02-07 : 14:03:54
Those are nasty xps. Object automation inside a database... *shudder* If you want to use regex, why not a CLR procedure or function?

--
Gail Shaw
SQL Server MVP

Kristen
Test

22859 Posts

Posted - 2012-02-07 : 14:06:29
I can't help either ... except to say the only time I have enabled them is to do one-off RegEx for some sort of initial data import. Beyond that we've programmed around not having fully flexible RegEx in SQL's "LIKE" expression (much as I would like to have a fully functional RegEx in SQL)

russell
Pyro-ma-ni-yak

5072 Posts

Posted - 2012-02-07 : 16:34:04
Don't give public permission to sp_OACreate etc.

If you have a valid reason to use OLE Automation inside your SPs, just grant execute on those.
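An audit-and-revoke script for the grants discussed in this thread, as an added example that is not part of any poster's reply. It assumes it is run in master by a member of sysadmin, and it uses only the seven procedure names listed in the question.

```sql
-- Added example (not from the thread): audit and undo EXECUTE grants on sp_OA*.
-- Assumption: run in master by a member of sysadmin.
USE master;
GO

-- 1. Is OLE Automation enabled on this instance? (value_in_use = 1 means yes)
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'Ole Automation Procedures';

-- 2. List every explicit permission on the seven procedures from the question.
--    System objects are listed in sys.all_objects, not sys.objects.
SELECT pr.name            AS grantee,
       pr.type_desc       AS grantee_type,
       o.name             AS procedure_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.all_objects          AS o  ON o.object_id = pe.major_id
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                       -- object-level permissions
  AND o.schema_id = SCHEMA_ID(N'sys')
  AND o.name IN (N'sp_OACreate', N'sp_OADestroy', N'sp_OAGetErrorInfo',
                 N'sp_OAGetProperty', N'sp_OAMethod', N'sp_OASetProperty',
                 N'sp_OAStop')
ORDER BY pr.name, o.name;

-- 3. Undo the grants to public. REVOKE removes the grant; it does not add a DENY.
REVOKE EXECUTE ON OBJECT::sys.sp_OACreate       FROM public;
REVOKE EXECUTE ON OBJECT::sys.sp_OADestroy      FROM public;
REVOKE EXECUTE ON OBJECT::sys.sp_OAGetErrorInfo FROM public;
REVOKE EXECUTE ON OBJECT::sys.sp_OAGetProperty  FROM public;
REVOKE EXECUTE ON OBJECT::sys.sp_OAMethod       FROM public;
REVOKE EXECUTE ON OBJECT::sys.sp_OASetProperty  FROM public;
REVOKE EXECUTE ON OBJECT::sys.sp_OAStop         FROM public;
GO

-- 4. Re-run query 2: no row with grantee = 'public' should remain.

-- 5. Optional, only if nothing else on the instance uses OLE Automation:
--    turn the feature off entirely.
-- EXEC sp_configure 'show advanced options', 1;  RECONFIGURE;
-- EXEC sp_configure 'Ole Automation Procedures', 0;  RECONFIGURE;
```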

WolfShade
Starting Member

3 Posts

Posted - 2012-02-08 : 01:17:19
Thanks, everyone. Guess I'll go back and undo all those.

GilaMonster: any suggestions on decent CLR that will give good RegEx replace?

^_^

GilaMonster
Master Smack Fu Yak Hacker

4507 Posts

Posted - 2012-02-08 : 06:03:48
Sorry, I don't write CLR, but there should be regex features in C#, so should not be hard.

--
Gail Shaw
SQL Server MVP

sunitabeck
Master Smack Fu Yak Hacker

5155 Posts

Posted - 2012-02-08 : 06:50:25
This article might be useful. Phil Factor also has downloadable code in that article. http://www.simple-talk.com/sql/t-sql-programming/clr-assembly-regex-functions-for-sql-server-by-example/

bokerjony
Starting Member

3 Posts

Posted - 2012-02-22 : 00:20:53
thanks for sharing this topic.