Security Issues with Built-in Roles?

From: Craig Berntson (iamcraig_at_iamcraigberntson.com)
Date: 02/23/05

Next message: anita: "Profiler"
Previous message: Andrew J. Kelly: "Re: Auditing SP Execute."
Next in thread: Sue Hoegemeier: "Re: Security Issues with Built-in Roles?"
Reply: Sue Hoegemeier: "Re: Security Issues with Built-in Roles?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Feb 2005 12:10:58 -0700

Can anyone explain the security issues with using built-in security roles
such as db_writer, db_reader, etc. We have an application that uses these to
control access, but one client is complaining that it causes them to fail a
security audit. What are the security issues with these roles and what are
the alternatives to using these roles?

-- 
Craig Berntson
MCSD, Visual FoxPro MVP
www.craigberntson.com
Salt Lake City Fox User Group
www.slcfox.org
www.foxcentral.net

Next message: anita: "Profiler"
Previous message: Andrew J. Kelly: "Re: Auditing SP Execute."
Next in thread: Sue Hoegemeier: "Re: Security Issues with Built-in Roles?"
Reply: Sue Hoegemeier: "Re: Security Issues with Built-in Roles?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Sandboxing
... By having the NIC be a hardware VPN with a secure remote configuration option, one would control access so that unauthenticated traffic would not pass, and all traffic would follow a policy. ... Individual machine security was at the top of the list when DARPA contributed to this product's research, and the Navy is calling this the "most promising technology." ... During the Policy Server installation, ...
(Focus-IDS)
IWA problem
... Security to control access. ... Authentication and Access Control ensuring Anonymous Access is NOT checked ... users get prompted to enter a user id/password when they hit the website. ...
(microsoft.public.inetserver.iis.security)
Re: Prevent copying to local HD
... security breach. ... It sounds like you're trying to control access to some Access MDB files -- ... plan for mitigation of that security breach. ... We do have Citrix Metaframe. ...
(microsoft.public.windows.server.security)
Re: Operator Security
... security descriptor, you can control access to the metabase keys. ... |>> Rgds. ...
(microsoft.public.inetserver.iis.security)
Password access to XP computers?
... I want to be able to connect to each subdir on every machine on my home ... security system in XP, but must use Simple and let everyone have access to ... control access to others in my home workgroup? ...
(microsoft.public.windowsxp.security_admin)