|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
System Stored ProceduresHello All,
i was wondering if there exists some way to disable all system stored procedures, as they are vulnerable to attacks specially if they r not needed within any of my applications. something like, xp_cmdshell may cause attacks. i need ur help plz and will appreciate ur response and suggestions thanx for ur gr8 help You simply set permissions on those system stored procs. Then you ensure
that your applications connect using other credentials. That is how you secure your server against cmd.exe from being abused (i.e. by setting ACLs on cmd.exe), and cmd.exe is basically what you get when using xp_cmdshell. Cheers Ken <Eng.R***@gmail.com> wrote in message Show quoteHide quote news:1150355438.433402.151370@i40g2000cwc.googlegroups.com... > Hello All, > i was wondering if there exists some way to disable all system stored > procedures, as they are vulnerable to attacks specially if they r not > needed within any of my applications. > something like, xp_cmdshell may cause attacks. > > i need ur help plz and will appreciate ur response and suggestions > > thanx for ur gr8 help > Ken Schaefer wrote:
> You simply set permissions on those system stored procs. Then you ensure what if i want to protect my server from allllllll the system stored> that your applications connect using other credentials. > > That is how you secure your server against cmd.exe from being abused (i.e. > by setting ACLs on cmd.exe), and cmd.exe is basically what you get when > using xp_cmdshell. > > procedure not only xp_cmd.exe. there exists manyyyyyyy system stored procedures that may be used in a malicious way to attack my server and it will be impossible to change permissions to al these stored procedures :) so,, what do u think?? Name some of these, but not one that may but rather that can be
used to attack your server in malicious way by a SQL user that is not in any of the Server Roles. I think you are chasing ghosts. Roger Abell (MCDBA and Windows Server Security MVP) <Eng.R***@gmail.com> wrote in message Show quoteHide quote news:1150437581.722642.102690@c74g2000cwc.googlegroups.com... > > Ken Schaefer wrote: >> You simply set permissions on those system stored procs. Then you ensure >> that your applications connect using other credentials. >> >> That is how you secure your server against cmd.exe from being abused >> (i.e. >> by setting ACLs on cmd.exe), and cmd.exe is basically what you get when >> using xp_cmdshell. >> >> > > > what if i want to protect my server from allllllll the system stored > procedure not only xp_cmd.exe. > > there exists manyyyyyyy system stored procedures that may be used in a > malicious way to attack my server and it will be impossible to change > permissions to al these stored procedures :) > > so,, what do u think?? > See my response to your identical post elsewhere.
Is there some specific sys sproc that concerns you ? <Eng.R***@gmail.com> wrote in message Show quoteHide quote news:1150355438.433402.151370@i40g2000cwc.googlegroups.com... > Hello All, > i was wondering if there exists some way to disable all system stored > procedures, as they are vulnerable to attacks specially if they r not > needed within any of my applications. > something like, xp_cmdshell may cause attacks. > > i need ur help plz and will appreciate ur response and suggestions > > thanx for ur gr8 help > 
Other interesting topics
Anyone know about streaming .wmv ?
problem downloading exe file on server 2003 iis with sp1 SSL and IIS 5.0 IIS Snap-In rights question SSL using locally generated certificate SSL on an IIS cluster child Folder named system disappears then cant delete its parent test a web service? IIS 6.0 Integrated Security SSL Certificate Help |
|||||||||||||||||||||||
