RE: Security hole allows a remote job to run.

From: stevtek <nospam@xxxxxxxxxx>
Date: Fri, 16 Dec 2005 05:52:58 -0800

Hi Andy,

Ok, so if this user is sa on his SQL Server, he can run his job but
point to our production database tables using the sql account. The
denywrite did work yesterday since it bombed when it got to the point of
trying to insert. But the other job is scripted with 'user defined
functions' and can still run.

If he is using sql account to make a connection in the job than SQL
Server doesn't see his NT account, right? He is not assigned to any
roles.

Thanks for your help~

*** Sent via Developersdex http://www.developersdex.com ***
.

Prev by Date: Re: Option to change SQL Server service account disabled
Next by Date: Re: netstat on my server
Previous by thread: Security hole allows a remote job to run.
Next by thread: netstat on my server
Index(es):
- Date
- Thread

Relevant Pages

Re:Changed server admin pwd; cant connect to SQL
... (after changing the administrator password). ... Can the SQL Server service start? ... The SQL account is that you specified in the system DSN. ...
(microsoft.public.sqlserver.security)
Windows NT Password Authentication
... VB6 app to connect to SQL Server 7 using ADO connection object ... I want to connect to the SQL Server by passing in the NT credentials ... first checked for an NT account and then a SQL account. ...
(microsoft.public.sqlserver.security)
Re: security?
... > Thanks John, ... Install a new sql server, create a sql account, how to ...
(microsoft.public.sqlserver.programming)
RE: connecting
... databases. ... Please try to login the computer which host SQL Server as the ... local administrator and try to connect to the SQL Server to see does all ... please goto the Security section to add the SQL account to the ...
(microsoft.public.sqlserver.connect)