System Stored Procedures

System Stored Procedures

on 15.06.2006 09:10:38 by Eng.Rana

Hello All,
I was wondering if there exists some way to disable all system stored
procedures, as they are vulnerable to attacks, especially if they are not
needed within any of my applications.
Something like xp_cmdshell may cause attacks.

I need your help, please, and will appreciate your response and suggestions.

Thanks for your great help.

Re: System Stored Procedures

on 15.06.2006 22:44:05 by Ken Schaefer

You simply set permissions on those system stored procs. Then you ensure
that your applications connect using other credentials.

That is how you secure your server against cmd.exe from being abused (i.e.
by setting ACLs on cmd.exe), and cmd.exe is basically what you get when
using xp_cmdshell.

Cheers
Ken

wrote in message
news:1150355438.433402.151370@i40g2000cwc.googlegroups.com...
> Hello All,
> I was wondering if there exists some way to disable all system stored
> procedures, as they are vulnerable to attacks, especially if they are not
> needed within any of my applications.
> Something like xp_cmdshell may cause attacks.
>
> I need your help, please, and will appreciate your response and suggestions.
>
> Thanks for your great help.
>

Re: System Stored Procedures

on 16.06.2006 01:04:26 by Roger Abell

See my response to your identical post elsewhere.
Is there some specific sys sproc that concerns you?

wrote in message
news:1150355438.433402.151370@i40g2000cwc.googlegroups.com...
> Hello All,
> I was wondering if there exists some way to disable all system stored
> procedures, as they are vulnerable to attacks, especially if they are not
> needed within any of my applications.
> Something like xp_cmdshell may cause attacks.
>
> I need your help, please, and will appreciate your response and suggestions.
>
> Thanks for your great help.
>

Re: System Stored Procedures

on 16.06.2006 07:59:41 by Eng.Rana

Ken Schaefer wrote:
> You simply set permissions on those system stored procs. Then you ensure
> that your applications connect using other credentials.
>
> That is how you secure your server against cmd.exe from being abused (i.e.
> by setting ACLs on cmd.exe), and cmd.exe is basically what you get when
> using xp_cmdshell.
>
>


What if I want to protect my server from all the system stored
procedures, not only xp_cmd.exe?

There exist many system stored procedures that may be used in a
malicious way to attack my server, and it will be impossible to change
permissions on all these stored procedures :)

So, what do you think?

Re: System Stored Procedures

on 16.06.2006 13:34:16 by Roger Abell

Name some of these, but not one that may but rather that can be
used to attack your server in a malicious way by a SQL user that is
not in any of the Server Roles.

I think you are chasing ghosts.

Roger Abell
(MCDBA and Windows Server Security MVP)

wrote in message
news:1150437581.722642.102690@c74g2000cwc.googlegroups.com...
>
> Ken Schaefer wrote:
>> You simply set permissions on those system stored procs. Then you ensure
>> that your applications connect using other credentials.
>>
>> That is how you secure your server against cmd.exe from being abused
>> (i.e.
>> by setting ACLs on cmd.exe), and cmd.exe is basically what you get when
>> using xp_cmdshell.
>>
>>
>
>
> What if I want to protect my server from all the system stored
> procedures, not only xp_cmd.exe?
>
> There exist many system stored procedures that may be used in a
> malicious way to attack my server, and it will be impossible to change
> permissions on all these stored procedures :)
>
> So, what do you think?
>
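
An added example, not posted by anyone in this thread: a T-SQL audit of the two things the replies rely on, namely that the application login is in no server role and that EXECUTE on extended stored procedures is not granted more widely than needed. It assumes SQL Server 2005 or later (catalog views), a session with sysadmin rights, and a hypothetical application login named app_login.

```sql
-- Added example. Assumptions: SQL Server 2005+, run as sysadmin,
-- N'app_login' is a hypothetical name for the application's login.
USE master;

-- 1. Fixed server roles held by the application login.
--    Expected result for a least-privilege login: zero rows.
SELECT r.name AS server_role, m.name AS member_login
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = N'app_login';

-- 2. Every explicit EXECUTE permission on an extended stored procedure
--    (object type 'X'), with the grantee. Grants to public reach every
--    login that can enter master, so review those rows first.
SELECT o.name        AS procedure_name,
       pr.name       AS grantee,
       dp.state_desc AS permission_state   -- GRANT, DENY, ...
FROM sys.database_permissions AS dp
JOIN sys.all_objects          AS o  ON o.object_id = dp.major_id
JOIN sys.database_principals  AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE dp.class = 1                      -- object-level permission
  AND dp.permission_name = N'EXECUTE'
  AND o.type = 'X'
ORDER BY o.name, pr.name;

-- 3. Whether xp_cmdshell is switched on at all (0 = disabled).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 4. Remediation for xp_cmdshell: turn the feature off and deny it to
--    public. Members of sysadmin bypass permission checks, which is why
--    check 1 matters more than any single DENY.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
DENY EXECUTE ON sys.xp_cmdshell TO public;
```

Review the rows from query 2 before denying anything else to public, since some client tools call the extended procedures granted there.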