Re: security flaw
From: Richard Waymire [MS] (rwaymi_ms@microsoft.com)
Date: 05/29/02
- Next message: Marcus Michaels: "Re: Login failure"
- Previous message: Hina Masud [MS]: "RE: Login failure"
- In reply to: Hina Masud [MS]: "RE: security flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Richard Waymire [MS]" <rwaymi_ms@microsoft.com> Date: Wed, 29 May 2002 14:49:54 -0700
Depends on what you mean... if the stored proc has the same owner as the
table then this is expected behavior - look up "ownership chains" in the
books online.
-- Richard Waymire, MCSE, MCDBA This posting is provided "AS IS" with no warranties, and confers no rights. "Hina Masud [MS]" <Hina@online.microsoft.Net> wrote in message news:q#l1qH1BCHA.1720@cpmsftngxa07... > Hi Ramy, > > i just tested this out and what you have stated is incorrect. if the select permission is denied on the table the stored > procedure is using then you will see the following error when you try to execute the sp (with only execute permissions > given to the user for the sp) > > Server: Msg 229, Level 14, State 5, Procedure A, Line 1 > SELECT permission denied on object 'authors', database 'pubs', owner 'hinam'. > > Go to Security Folder and check the users permissions there as well as its permissions in the database and objects. > > Thank you > > Hina Masud > Microsoft > > Disclaimer: > This posting is provided AS IS with no warranties, and confers no rights. > > Are you secure? For information about the Microsoft Strategic Technology > Protection Program and to order your FREE Security Tool Kit, please visit > http://www.microsoft.com/security. > > -------------------- > -Content-Class: urn:content-classes:message > -From: "ramy" <raman_ramesh@k2c.biz> > -Sender: "ramy" <raman_ramesh@k2c.biz> > -Subject: security flaw > -Date: Tue, 7 May 2002 21:46:59 -0700 > -Lines: 10 > -Message-ID: <12c601c1f64b$63b10450$9ee62ecf@tkmsftngxa05> > -MIME-Version: 1.0 > -Content-Type: text/plain; > - charset="iso-8859-1" > -Content-Transfer-Encoding: 7bit > -X-Newsreader: Microsoft CDO for Windows 2000 > -X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 > -Thread-Index: AcH2S2OxZjsFLqK1R5CeliW/DHCeMA== > -Newsgroups: microsoft.public.sqlserver.security > -NNTP-Posting-Host: TKMSFTNGXA05 10.201.232.164 > -Path: cpmsftngxa07!cpmsftngxa09!cpmsftngxa08 > -Xref: cpmsftngxa07 microsoft.public.sqlserver.security:5702 > -X-Tomcat-NG: microsoft.public.sqlserver.security > - > -i have observed the following flaw. > - > -i deny select rights on a table for a user, but if > -the user has got execute rights on a stored procedure > -which uses the said table. he still can access the > -table through the sp. > - > -please advice. > - > - > - > >
- Next message: Marcus Michaels: "Re: Login failure"
- Previous message: Hina Masud [MS]: "RE: Login failure"
- In reply to: Hina Masud [MS]: "RE: security flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
