sql server sp_addlogin from vb.net and security !!!!

From: fasttrack via SQLMonster.com (u15121_at_uwe)
Date: 10/23/05

    Date: Sun, 23 Oct 2005 13:45:35 GMT
    
    

    A problem of security:

    From a VB.NET form I created the chance to add a SQL Server user with the role
    of administrator.
    To create it, the username and password are retrieved from two text boxes and then
    the login is created with:

    cmdSQL = "EXEC sp_addlogin '" & txtUser.text & "', '" & txtPwd.text & "'"
    then the cmdSQL is executed.

    Then it is
    added to the Administrator role as follows:
    cmdSQL = "EXEC sp_addsrvrolemember '" & txtUser.text & "', 'sysadmin'"
    then the cmdSQL is executed.

    Everything works well: the user is created in the specified SQL Server and added
    to the administrator role.

    My question is:
    Doing so... are there security problems? Could the password be read when
    sp_addlogin is executed?

    Must an encryption method be used?

    This is very important because the new user created has administrator
    privileges.

    Any help or suggestion may be helpful...

    Thanks
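
The same two calls with the text box values passed as procedure parameters instead of being concatenated into the EXEC string, so a quote typed into either box cannot change the statement. This is an added example, not code from the original post; the module name, the ExecProc helper, the server name and the sample values are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module AddLoginExample
    ' Hypothetical helper: runs one system procedure with named parameters,
    ' so the values never become part of the SQL text.
    Private Sub ExecProc(conn As SqlConnection, procName As String,
                         ParamArray args As SqlParameter())
        Using cmd As New SqlCommand(procName, conn)
            cmd.CommandType = CommandType.StoredProcedure
            cmd.Parameters.AddRange(args)
            cmd.ExecuteNonQuery()
        End Using
    End Sub

    ' Hypothetical helper: builds a sysname-sized (nvarchar(128)) parameter.
    Private Function SysName(name As String, value As String) As SqlParameter
        Return New SqlParameter(name, SqlDbType.NVarChar, 128) With {.Value = value}
    End Function

    ' userName and password stand in for txtUser.Text and txtPwd.Text.
    Public Sub CreateSysadminLogin(connStr As String, userName As String,
                                   password As String)
        Using conn As New SqlConnection(connStr)
            conn.Open()
            ExecProc(conn, "sp_addlogin",
                     SysName("@loginame", userName),
                     SysName("@passwd", password))
            ExecProc(conn, "sp_addsrvrolemember",
                     SysName("@loginame", userName),
                     SysName("@rolename", "sysadmin"))
        End Using
    End Sub

    Sub Main()
        ' Placeholder server name. Encrypt=True asks SqlClient to encrypt the
        ' connection, so the @passwd value is not sent in clear text.
        Dim connStr As String =
            "Server=PLACEHOLDER_SERVER;Integrated Security=SSPI;Encrypt=True"
        ' Constructed sample values; the quote in the name is passed as data.
        CreateSysadminLogin(connStr, "o'brien", "constructed-sample-password")
    End Sub
End Module
```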

