RE: Revoking public permissions
From: Randy Dyess (anonymous_at_discussions.microsoft.com)
Date: 02/29/04
- Previous message: Randy Dyess: "RE: Default Stored Procedures"
- Next in thread: Gemmill: "RE: Revoking public permissions"
- Reply: Gemmill: "RE: Revoking public permissions"
Date: Sun, 29 Feb 2004 12:46:09 -0800
Best practices often tell you to remove the PUBLIC role from all user objects, and this should be done after a careful review of the permissions required by your application.
Some experts also go as far as to recommend that you remove PUBLIC role permissions from system stored procedures and extended stored procedures to prevent attacks on your server. This should also be done, but only after careful testing, as removing PUBLIC permissions to all stored procedures can often break some functionality in Enterprise Manager. I do not know of an article/whitepaper that has studied this and listed what exactly will be broken based on each system stored procedure.
Brian Kelley recently released a nice whitepaper on the PUBLIC role permissions to system tables that you should read to see if it is any help.
SQL Server 2000: Permissions on System Tables Granted to Logins Due to the Public Role
http://www.giac.org./practical/GSEC/KBrian_Kelley_GSEC.pdf
Randy Dyess
www.Database-Security.Info
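
As an added example (not part of the original post), the review step the message recommends can start from an inventory of what PUBLIC currently holds on user objects. The query below assumes SQL Server 2000 and its `sysprotects` system table; it only generates candidate REVOKE statements for review and executes none of them.

```sql
-- Added example, SQL Server 2000. Run in each user database.
-- Lists object permissions granted to the public role on objects that
-- did not ship with SQL Server, plus a candidate REVOKE for each one.
-- Nothing is revoked here; test the generated statements against the
-- application before running any of them.
SELECT
    u.name  AS owner_name,
    o.name  AS object_name,
    o.xtype AS object_type,          -- U = table, V = view, P = procedure, ...
    perm.permission,
    CASE p.protecttype
        WHEN 204 THEN 'GRANT WITH GRANT OPTION'
        WHEN 205 THEN 'GRANT'
    END     AS state,
    'REVOKE ' + perm.permission
        + ' ON ' + QUOTENAME(u.name) + '.' + QUOTENAME(o.name)
        + ' FROM public'
        -- a grantable permission has to be revoked with CASCADE
        + CASE p.protecttype WHEN 204 THEN ' CASCADE' ELSE '' END
            AS candidate_statement
FROM sysprotects AS p
JOIN sysobjects  AS o ON o.id  = p.id
JOIN sysusers    AS u ON u.uid = o.uid
JOIN (
        -- sysprotects.action codes for object-level permissions
        SELECT 26  AS action, 'REFERENCES' AS permission UNION ALL
        SELECT 193, 'SELECT'  UNION ALL
        SELECT 195, 'INSERT'  UNION ALL
        SELECT 196, 'DELETE'  UNION ALL
        SELECT 197, 'UPDATE'  UNION ALL
        SELECT 224, 'EXECUTE'
     ) AS perm ON perm.action = p.action
WHERE p.uid = USER_ID('public')                  -- grantee is the public role
  AND p.protecttype IN (204, 205)                -- grants only, not DENY (206)
  AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 0    -- user objects only
ORDER BY u.name, o.name, perm.permission;

-- The built-in report covers the same ground without the REVOKE text:
-- EXEC sp_helprotect NULL, 'public'
```

Removing the `IsMSShipped` filter extends the inventory to the system objects in the current database, which is the riskier change the message says needs careful testing.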