New Search
If you are not happy with the results below please do another search
5 search results for: dbo escalation
CONTROL SERVER vs. sysadmin/sa: permissions, system procedures, DBCC, automatic schema creation and privilege escalation caveats
/4 Comments/in Schemas, SecuritySince SQL Server 2005, the server wide permission CONTROL SERVER has been existing. In principle being an alternative to sysadmin-membership, it did not turn out to be much more than a shelf warmer. – Little known and even less used. One of the main reasons for this was the absence of an option to grant […]
SQL Server Database Ownership: survey results & recommendations
/7 Comments/in Scripts, Security, Surveys/UmfragenYou may remember the survey on database ownership which I launched several months ago. In the following, I am now presenting the results and giving my official recommendation for a best practice for security in terms of database ownership. First, if you still need the script:
DISABLE and DENY LOGIN, DENY USER & Effect on Impersonation and Permissions
/0 Comments/in SecurityA short article on the effects – or missing effects – regarding the disabling & denying connect of Logins & Users on impersonation and permission. Every once in a while one can observe that Logins or Users have been denied the Connect permission or a Login has been disabled. Therefore a correct expectation and understanding […]
Security Session „SQL Attack..ed“ – Attack scenarios on SQL Server (“Hacking SQL Server”)
/in Conferences, Security, Seminare, SQLPASSAt this year’s SQLSaturday in Germany I have shown one of my sessions again, in which I concentrate on “attack”. For me a great opportunity to dive deep into SQL Server Security and several penetration-test-tool, and to explore SQL Server for pitfalls and security configuration. At the end I had a long list of possible […]
