Re: How to disable dangerous extended stored procedures In SQL2005
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Wed, 07 May 2008 15:10:22 -0700
Russell Fields (russellfields@xxxxxxxxxx) writes:
If you could disable them, you would not want to, since they are used by
SQL Server itself. I see that these by default are granted to the
public role. If you feel safe doing so, you could revoke the permission
to public by:
REVOKE EXECUTE ON xp_dirtree TO public
The system itself should still be able to use these procedures (it runs as
sysadmin after all) but the general user will no longer be able to do so.
xp_dirtree is used, among other things, for the browse dialog for BACKUP
to permit the user to select where to put the backup.
If backups are only taken by sysadmins, this is not an issue. But if
there are database owners out there who are not sysadmin, removing access
to xp_dirtree could cause some problems.
The same applies to xp_regread, xp_fileexist and others.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
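
The check described in the message above, as an added example that is not part of the original post: a T-SQL audit to run before the revoke. It lists which of the three procedures named in the thread are currently executable by public, and which databases are owned by a login that is not sysadmin. The catalog views and functions used are standard from SQL Server 2005 on. Looking only at the database owner login, and not at members of the db_owner role, is a simplifying assumption of this example.

```sql
-- Added example: audit before revoking EXECUTE from public.
USE master;
GO

-- 1. Which of the procedures named in the thread are granted to public?
SELECT o.name            AS xp_name,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals  AS pr ON pr.principal_id = p.grantee_principal_id
JOIN sys.all_objects          AS o  ON o.object_id     = p.major_id
WHERE p.class = 1                    -- object-level permission
  AND p.permission_name = 'EXECUTE'
  AND p.state IN ('G', 'W')          -- GRANT or GRANT WITH GRANT OPTION
  AND pr.name = 'public'
  AND o.type = 'X'                   -- extended stored procedure
  AND o.name IN ('xp_dirtree', 'xp_regread', 'xp_fileexist')
ORDER BY o.name;

-- 2. Databases whose owner login is not a sysadmin. These owners are the
--    ones who could lose the BACKUP browse dialog after the revoke.
--    IS_SRVROLEMEMBER returns NULL when the login cannot be resolved,
--    so NULL is reported as "unknown" rather than filtered out.
SELECT d.name                   AS database_name,
       SUSER_SNAME(d.owner_sid) AS owner_login,
       CASE IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(d.owner_sid))
            WHEN 1 THEN 'yes'
            WHEN 0 THEN 'no'
            ELSE 'unknown'
       END                      AS owner_is_sysadmin
FROM sys.databases AS d
WHERE ISNULL(IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(d.owner_sid)), 0) = 0
ORDER BY d.name;

-- 3. Once the result of step 2 is acceptable, run the revoke from the
--    thread, then repeat step 1: the revoked procedure should no longer
--    appear in the result.
-- REVOKE EXECUTE ON xp_dirtree TO public;
```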