Home > Archive > Microsoft SQL Server forum > July 2005 > Stored Proceedures









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Stored Proceedures
Paul Johnston

2005-07-22, 3:23 am

I work in a University and we are looking at installing a MSSQL 2000
database for students to be able to use for their final year projects.
Previously we gave them mysql and access. I am quite new to MSSQL and
was wondering if any of the stored proceedures which get created with
accounts could lead to any issues, say performance or security. If so
we could remove them on account creation. Generally the students don't
do much fancy just access via a web server or windows application but
often their appreciation of security is limited :-(
TIA Paul
Simon Hayes

2005-07-22, 9:23 am

If you're new to MSSQL, it would probably be a good idea to spend some
time reviewing the security model - see "Managing Security" in Books
Online, and also the resources here:

http://www.microsoft.com/sql/techin...ty/default.mspx

It's hard to be specific without knowing more about what the students
will be developing, but if you install the latest servicepack (SP4),
don't allow users to execute xp_cmdshell or create ActiveX jobs, and
don't give them database owner privileges, that should prevent some of
the more obvious abuses. The baseline security analyzer (see the link
above) is also very useful for finding potential configuration issues.

Simon

Paul Johnston

2005-07-28, 7:23 am

On 22 Jul 2005 06:24:44 -0700, "Simon Hayes" <sql@hayes.ch> wrote:

>If you're new to MSSQL, it would probably be a good idea to spend some
>time reviewing the security model - see "Managing Security" in Books
>Online, and also the resources here:
>
>http://www.microsoft.com/sql/techin...ty/default.mspx
>
>It's hard to be specific without knowing more about what the students
>will be developing, but if you install the latest servicepack (SP4),
>don't allow users to execute xp_cmdshell or create ActiveX jobs, and
>don't give them database owner privileges, that should prevent some of
>the more obvious abuses. The baseline security analyzer (see the link
>above) is also very useful for finding potential configuration issues.
>
>Simon

Cheers will do!
Paul
Sponsored Links





Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive | Programming forum archive

Copyright 2008 droptable.com