Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers
From: Richard Waymire [MS] (rwaymi_ms@microsoft.com)
Date: 05/17/02
- Next message: Dennis Redfield: "Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Previous message: Jerry: "SPID #s to IPADDRESS ?"
- In reply to: Pankul Verma: "major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Next in thread: Trayce Jordan: "Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Reply: Trayce Jordan: "Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Richard Waymire [MS]" <rwaymi_ms@microsoft.com> Date: Fri, 17 May 2002 11:56:30 -0700
no, you're not missing anything. Current design is that if you are a user
(with any permissions at all) in a database then you can see all the
metadata in the database. No supported way to change this.
-- Richard Waymire, MCSE, MCDBA This posting is provided "AS IS" with no warranties, and confers no rights. "Pankul Verma" <pankul@urbanwireless.com> wrote in message news:OQsnJ#D$BHA.2200@tkmsftngp02... > I created a SQL authenticated login to my sqlserver for a business partner > who needed to execute an SP on my server at his location. gave him > permission only on 1 SP (no tables etc) > > before rolling out, I did my homework, > connected from a remote location to my SQL server at port 1433, and the > application worked > > now I used Enterprise Manager to add the SQL Server from my remote location, > which gave me the access to view each and every Stored Proc, trigger, table > DRI etc ... > infact i was able to Script my entire database using this. > > same results from query analyser ... > > obviously I cud'nt select data from tables or execute SPs that i did not > have access to, however ... this raises a big concern of security for me, if > a guy can see all the source code, its not nice! > > Am I missing somehting? > > Pankul > > >
- Next message: Dennis Redfield: "Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Previous message: Jerry: "SPID #s to IPADDRESS ?"
- In reply to: Pankul Verma: "major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Next in thread: Trayce Jordan: "Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Reply: Trayce Jordan: "Re: major security concern - any sql user with minimal permission can see code for all stored procs and triggers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
