Re: Extended Stored Procedures

From: Jasper Smith (jasper_smith9_at_hotmail.com)
Date: 06/16/03


Date: Mon, 16 Jun 2003 21:05:28 +0100


As service packs/security hotfixes have come out post SP2, things
have improved a lot from vanilla SP2 and previous. A plain SP2
server is horrendously vulnerable, I'd agree.

This lockdown script is a good start
http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=4&tabid=12
also the list here (about halfway down)
http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=3&tabid=4

Be aware that some of those in the second link are used by Enterprise
Manager and so some functionality may be lost; however, this does not
affect the functioning of SQL Server. How far you want to take it is up
to you, but please do test first :-)

-- 
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Stephajn Craig" <s.craig@NOSPAMfunsunvacations.com> wrote in message
news:eNCwq2CNDHA.1072@TK2MSFTNGP11.phx.gbl...
There are a number of stored procedures I cannot believe Microsoft enabled
public access to by default. Things like the xp_readerrorlog procedure
allow a user to read a file of their choosing on the server!
So how can I know which Extended Stored Procedures are absolutely necessary
and which ones I can safely disable access to or remove altogether?
Thanks for any pointers in advance.
--
Stephajn Craig
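
One way to see what is actually exposed before deciding what to revoke, as an added example that is not part of either post or of the linked lockdown script: list the extended stored procedures in master that the public role can execute, and generate REVOKE statements for review. It assumes the SQL Server 2000 system tables sysobjects and sysprotects and their documented codes (xtype 'X', action 224, protecttype 204/205).

```sql
-- Added example (not from the thread): audit EXECUTE permission
-- held by the public role on extended stored procedures in master.
-- Assumes SQL Server 2000 system tables; run against a test server first.
USE master
GO

-- 1. Inventory: every extended stored procedure public may execute.
SELECT  o.name AS extended_proc,
        CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
        END    AS permission_state
FROM    dbo.sysobjects  AS o
JOIN    dbo.sysprotects AS p ON p.id = o.id
WHERE   o.xtype = 'X'               -- 'X' = extended stored procedure
  AND   p.uid = 0                   -- uid 0 = the public role
  AND   p.action = 224              -- 224 = EXECUTE
  AND   p.protecttype IN (204, 205) -- granted, not denied
ORDER BY o.name
GO

-- 2. Generate (do not execute blindly) one REVOKE per hit, so the list
--    can be checked against what Enterprise Manager and your own
--    applications need before anything is changed.
SELECT  'REVOKE EXECUTE ON ' + QUOTENAME(o.name) + ' FROM public' AS revoke_stmt
FROM    dbo.sysobjects  AS o
JOIN    dbo.sysprotects AS p ON p.id = o.id
WHERE   o.xtype = 'X'
  AND   p.uid = 0
  AND   p.action = 224
  AND   p.protecttype IN (204, 205)
ORDER BY o.name
GO
```

Saving the output of the first query gives a baseline to diff against after each service pack or hotfix, since patches can change these grants.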

