pelegk2
Aged Yak Warrior
723 Posts |
Posted - 2005-10-11 : 04:39:05
|
| I have got a list of stored procedures which are under master/Extended Stored Procedures, and I was asked to change their permissions because they can be used to do harm, like: sp_sdidebug, xp_availablemedia, xp_cmdshell, and so on. Who actually uses these stored procedures, and to whom can I or can't I grant access to these stored procedures? (Basically, in the ASP code none of these are being used.)
Thanks in advance
peleg
Israel - the best place to live in after heaven (but no one wants to go there so fast -:) |
|
|
chiragkhabaria
Master Smack Fu Yak Hacker
1907 Posts |
Posted - 2005-10-11 : 05:27:14
|
| Look out for Revoke on BOL.. Revoke All on xp_CmdShell to Public
Complicated things can be done by simple thinking |
|
|
AjarnMark
SQL Slashing Gunting Master
3246 Posts |
Posted - 2005-10-11 : 13:03:21
|
| Those stored procedures can be useful in the hands of a skilled DBA. But they can also be dangerous in the hands of a hacker. If someone is successful at using SQL Injection to get access to your server, and they can run xp_cmdshell, they could execute things at the file system level like deleting files or granting themselves greater access. This risk is mitigated by locking down those sprocs and also by running the SQL Service under a restricted account.
---------------------------
EmeraldCityDomains.com |
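
Added example, not part of any post in this thread: one way to audit and apply the lockdown the replies describe for the three procedures the question names. It assumes SQL Server 2005 or later (the `sys.*` catalog views and the `xp_cmdshell` configuration option) and a sysadmin login; the cursor name `revoke_cur` is illustrative.

```sql
-- Added example; assumes SQL Server 2005 or later and a sysadmin login.
USE master;
GO
-- 1. Explicit permissions recorded on the procedures named in the thread.
SELECT o.name AS procedure_name,
       pr.name AS grantee,
       pe.permission_name,
       pe.state_desc              -- GRANT, GRANT_WITH_GRANT_OPTION or DENY
FROM sys.all_objects AS o
JOIN sys.database_permissions AS pe
     ON pe.class = 1 AND pe.major_id = o.object_id
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE o.name IN ('sp_sdidebug', 'xp_availablemedia', 'xp_cmdshell')
ORDER BY o.name, pr.name;

-- 2. Is xp_cmdshell switched on at the server level? (value_in_use = 1 means enabled)
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 3. Build one REVOKE for each listed procedure that exists on this server
--    and still has EXECUTE granted to public. Statements are only printed.
DECLARE @sql nvarchar(1000);
DECLARE revoke_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT N'REVOKE EXECUTE ON ' + QUOTENAME(SCHEMA_NAME(o.schema_id))
           + N'.' + QUOTENAME(o.name) + N' FROM public;'
    FROM sys.all_objects AS o
    JOIN sys.database_permissions AS pe
         ON pe.class = 1 AND pe.major_id = o.object_id
    WHERE o.name IN ('sp_sdidebug', 'xp_availablemedia', 'xp_cmdshell')
      AND pe.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
      AND pe.permission_name = 'EXECUTE'
      AND pe.state IN ('G', 'W');  -- granted, or granted with grant option
OPEN revoke_cur;
FETCH NEXT FROM revoke_cur INTO @sql;
WHILE @@FETCH_STATUS = 0
BEGIN
    PRINT @sql;
    -- EXEC (@sql);               -- uncomment after reviewing the printed output
    FETCH NEXT FROM revoke_cur INTO @sql;
END
CLOSE revoke_cur;
DEALLOCATE revoke_cur;

-- 4. If nothing depends on it, turn xp_cmdshell off server-wide as well.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

Members of the sysadmin role bypass permission checks, so revoking EXECUTE from public does not take these procedures away from a DBA.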