Re: system stored procedures

From: Sue Hoegemeier (Sue_H@nomail.please)
Date: 06/19/02

• Next message: Sue Hoegemeier: "Re: Users and Roles"
• Previous message: cpeach: "DTS user name/password"
• In reply to: Walt Hickman: "system stored procedures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Sue Hoegemeier <Sue_H@nomail.please>
Date: Wed, 19 Jun 2002 09:01:00 -0600

The stored procedures sp_MSdbuserpriv and sp_MSuseraccess
are undocumented system stored procedures but they are
legitimate system stored procedures.
spt_values is just a big lookup table for code values/string
values. It's undocumented but I don't think it stores actual
permissions but rather numbers used in system tables and
what string values these translate to - such as 193 =
select. You can see how it's used if you look at some of the
security system stored procedures such as sp_helprotect.

-Sue

On Wed, 19 Jun 2002 06:26:58 -0700, "Walt Hickman"
<walter.hickman@reedbusiness.com> wrote:

>This error just recently started... I would create a
>standard login, give that login access to the user
>database and also default the login to the user database.
>But when the user trys to use the login an error comes
>back and states the login has failed trying to connect to
>the master database on table spt_values. When I select
>from the table this table hold all of the security
>information for the server. Role information and the
>assigned values. This scares me!!! I have identified some
>stored procedures like sp_MSdbuserpriv and sp_MSuseraccess
>but when I try to look them up in technet or books online
>they are not referenced. I think this is a unknown virus
>or a backdoor that has some how gotten into my network.
>
>I'd love to hear your comments.
>
>Thanks,
>Walt

---

• Next message: Sue Hoegemeier: "Re: Users and Roles"
• Previous message: cpeach: "DTS user name/password"
• In reply to: Walt Hickman: "system stored procedures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Connecting a user from a backup database to a new login ... In SQL Server 2000, I loaded a backup file into a new local database. ... The database has an existing user which owns several stored procedures, ... I want to create a login of the same ... (microsoft.public.sqlserver.security) RE: Windows NT Security ... Stored Procedures offer an opportunity to improve your database security. ... Make a new login - in my case I'm using MyLogin. ... GRANT EXECUTE ON usp_ins_AUDIT_FIELD TO MyLogin ... (microsoft.public.sqlserver.programming) Re: Security Using Access with asp.net ... I'm not sure, because the stored procedures used are already created, and I ... I suppose if you wanted to decompile the dlls for the Login ... saved in a SQL Express 2008 database. ... Why I ask, is because where I have my website, I am offered SQL server ... (microsoft.public.dotnet.framework.aspnet.security) Re: Adding Permissions ... every database and grant it rights to execute all stored procedures. ... Director of Text Mining and Database Strategy ... not using sa as the login. ... (microsoft.public.sqlserver.security) Re: using sp_ as a naming convention for stored procedures ... System stored procedures are created and stored in the master ... database and have the sp_ prefix. ... SQL Server always looks for a stored procedure ... (microsoft.public.sqlserver.programming)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)