Re: Linked Server Security

Dan (Dan@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
The developer is using a sql login. I tested this (what I consider a
security flaw) by creating a sql user (JoeUser) on the dev box that did
not belong to any roles and was not given any access other than the
ability to connect to the dev server. I then connected as that user and
queried the corporate db with a SELECT * FROM
servername.dbname.dbo.table and it worked just fine. so as JoeUser with
no defined access to the corporate db I was able to circumvent the
corporate db security because of a developer who used his sql login to
create a linked server on a box he manages. So other than disabling the
developer's login account I can't find anyway of preventing him from
essentially granting his same level of access to any user he chooses.

Yes and no. It is correct, that the only thing you can do on your server
is to disable his login.

However, before you do this, I suggest that you request that this developer
sets up his login in the linked server connection correctly.

Presumably, the developer has set up the login this way:

EXEC sp_addlinkedsrvlogin 'YOURSERVER', 'false',
NULL, 'hislogin', 'hispassword'

The key here is the third parameter, @locallogin. When NULL, it specifies
that this login-mapping applies to all logins on his server. The
developer should instead have specified his login on the development
server. I'm here assuming that everyone who connects to the development
server use their own login. If everyone connects as sa, this won't work,
and you can only request that he removes the linked-server defintion.

I like to add that there is no security flaw per se here. Instead of
setting up the linked server, this developer could simply have shared
his username and password on your corporate with his developer mates,
and they could have logged in interactively. Now, it is quite clear,
that this vould be matter to disciplinary actions. But technically,
setting up the linked server is just the same. You could give him the
benefit of the doubt that he did not understand what he was doing. If
he did this on purpose, I think there is all reason to escalate this
beyond the technical realm.


--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

.

Relevant Pages

  • Re: SQL User SID format?
    ... When you move databases to another server, you can remap users to logins ... capability to remap a user to a login with new ALTER USER syntax - I ... The new ALTER USER syntax works for remapping both SQL and Windows ... this means you already have access to a SID from the syslogins catalog; ...
    (microsoft.public.sqlserver.security)
  • Re: SQL Server on XP Home Network
    ... The sa account is the system administrator "God" account witihin SQL ... This account is a SQL-Server login. ... You might be able to use Enterprise Manager to go in and create a new SQL ... Select the "SQL Server Authentication" ...
    (microsoft.public.sqlserver.setup)
  • Microsoft SQL server error:233
    ... Right click on the Instance name - Server Properties ... Restart the SQL Service. ... Login as an Administrator into the SqL Server ... A connection was successfully established with the server, ...
    (microsoft.public.sqlserver.connect)
  • Re: SQL Server 2000 Replication Agents Credentials
    ... the snapshot agent IS using sql login to connect to the ... The pull distribution agent IS using sql ... Do you know where SQL Server 2000 saves the sql ...
    (microsoft.public.sqlserver.replication)
  • Re: Can you update/process AS2005 cube with AMO and SQL authentica
    ... We have cases where the AS server and the Data Source server reside on 2 ... The data source is properly secured using SQL Server ... login and no serious client will accept the login with no password. ...
    (microsoft.public.sqlserver.olap)