{"id":3388,"date":"2014-03-07T15:17:03","date_gmt":"2014-03-07T14:17:03","guid":{"rendered":"http:\/\/andreas-wolter.com\/disable-und-deny-login-deny-user-effekt-auf-impersonierung-und-berechtigungen\/"},"modified":"2017-10-18T08:30:10","modified_gmt":"2017-10-18T07:30:10","slug":"disable-and-deny-login-deny-user-effect-on-impersonation-and-permissions","status":"publish","type":"post","link":"https:\/\/andreas-wolter.com\/en\/disable-and-deny-login-deny-user-effect-on-impersonation-and-permissions\/","title":{"rendered":"DISABLE and DENY LOGIN, DENY USER &#038; Effect on Impersonation and Permissions"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_heading-b957e930b6407c56af4ff7b262bcda9b\">\n#top .av-special-heading.av-av_heading-b957e930b6407c56af4ff7b262bcda9b{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-av_heading-b957e930b6407c56af4ff7b262bcda9b .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-av_heading-b957e930b6407c56af4ff7b262bcda9b .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-av_heading-b957e930b6407c56af4ff7b262bcda9b av-special-heading-h3 blockquote modern-quote  avia-builder-el-0  el_before_av_textblock  avia-builder-el-first '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >DISABLE and DENY LOGIN, DENY USER <span class='special_amp'>&amp;<\/span> Effect on Impersonation and Permissions<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>A short article on the effects &#8211; or missing effects &#8211; regarding the <strong><em>disabling &#038; denying connect<\/em><\/strong> of <em>Logins &#038; Users<\/em> on <strong><em>impersonation<\/em><\/strong> and permission.<\/p>\n<p>Every once in a while one can observe that Logins or Users have been <em>denied<\/em> <em>the Connect permission<\/em> or a Login has been <em>disabled<\/em>.<\/p>\n<p>Therefore a correct expectation and understanding can be critical.<!--more--><\/p>\n<p>So let\u2019s see a simple demo: We will use the built-in <em>sa<\/em>-Account, which is used by many as database owner among other (more on that soon in another article &#8211; <a href=\"http:\/\/www.insidesql.org\/blogs\/andreaswolter\/2013\/12\/survey-sql-server-database-ownership-datenbankbesitzer\" target=\"_blank\" rel=\"noopener\">meanwhile I do invite you to still send in data for the survey on that topic<\/a>), another freshly created Account <em>DeniedLogin<\/em> and a database called <em>ImpersonateLogin<\/em> with the according User + another <em>User without Login<\/em>: <em>SQLUser<\/em>.<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-407ddf0311a98677ebb1f0f8df5bf4f6\">\n.avia-image-container.av-av_image-407ddf0311a98677ebb1f0f8df5bf4f6 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-407ddf0311a98677ebb1f0f8df5bf4f6 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-407ddf0311a98677ebb1f0f8df5bf4f6 av-styling- avia-align-center  avia-builder-el-2  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-3372 avia-img-lazy-loading-not-3372 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1.png\" alt='' title='1403_DisabledPrincipals_Script_1'  height=\"599\" width=\"953\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1.png 953w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1-600x377.png 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1-300x189.png 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1-768x483.png 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1-705x443.png 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Script_1-450x283.png 450w\" sizes=\"(max-width: 953px) 100vw, 953px\" \/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>So I am disabling the sa-account as well as the \u201cDeniedLogin\u201d-Account \u2013 the latter I also Deny the <em>Connect<\/em> permission (Remember we <em>\u201cCannot grant, deny, or revoke permissions to sa, dbo, entity owner, information_schema, sys, or yourself.\u201d)<\/em><\/p>\n<p>The Database-User \u201cSQLUser\u201d gets denied the <em>Connect<\/em> permission on the database.<\/p>\n<p>In the GUI the result looks like this:<\/p>\n<p><a href=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Setup_Disabled_Login.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3373 size-full\" src=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Setup_Disabled_Login.png\" alt=\"\" width=\"187\" height=\"74\" \/><\/a><\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-18f0b79b80859b138d11413f276047cc\">\n.avia-image-container.av-av_image-18f0b79b80859b138d11413f276047cc img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-18f0b79b80859b138d11413f276047cc .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-18f0b79b80859b138d11413f276047cc av-styling- avia-align-center  avia-builder-el-4  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-3376 avia-img-lazy-loading-not-3376 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Setup_Disabled_sa.png\" alt='' title='1403_DisabledPrincipals_Setup_Disabled_sa'  height=\"376\" width=\"486\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Setup_Disabled_sa.png 486w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Setup_Disabled_sa-300x232.png 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Setup_Disabled_sa-450x348.png 450w\" sizes=\"(max-width: 486px) 100vw, 486px\" \/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Now let\u2019s run 4 tests.<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-400b323bbf9dd520f4797cbba0c478fa\">\n.avia-image-container.av-av_image-400b323bbf9dd520f4797cbba0c478fa img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-400b323bbf9dd520f4797cbba0c478fa .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-400b323bbf9dd520f4797cbba0c478fa av-styling- avia-align-center  avia-builder-el-6  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-3370 avia-img-lazy-loading-not-3370 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test1.png\" alt='' title='1403_DisabledPrincipals_Test1'  height=\"433\" width=\"636\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test1.png 636w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test1-600x408.png 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test1-300x204.png 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test1-450x306.png 450w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>So essentially what those queries do, is trying to impersonate the respective Login or User \u2013 and proofing success by returning the then respective active role-memberships.<\/p>\n<p>Results: <a href=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-3377 aligncenter\" src=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_1.png\" alt=\"\" width=\"421\" height=\"218\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_1.png 421w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_1-300x155.png 300w\" sizes=\"auto, (max-width: 421px) 100vw, 421px\" \/><\/a><\/p>\n<\/div><\/section>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong><em>DeniedLogin<\/em><\/strong>: <strong>Impersonation works + No loss of permissions<\/strong>.<\/p>\n<p>In other words: <strong><em>Denying<\/em><\/strong> Connect to a Login does not disallow Impersonation. Impersonation is actually another permission which one can use and is <strong>not affected <\/strong>even by <strong><em>Disabling<\/em><\/strong> the Login! <a href=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3379 aligncenter\" src=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_2.png\" alt=\"\" width=\"404\" height=\"212\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_2.png 404w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Result_2-300x157.png 300w\" sizes=\"auto, (max-width: 404px) 100vw, 404px\" \/><\/a><\/p>\n<\/div><\/section>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Same applies for <strong><em>sa<\/em><\/strong>: <strong>Impersonation works + No loss of permissions<\/strong>.<\/p>\n<p>In the following test for the <em>User<\/em> which has been denied the Connect-permission onto the database \u2013 and cannot be used as a Login.<\/p>\n<p><a href=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-3381 aligncenter\" src=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test2.png\" alt=\"\" width=\"427\" height=\"354\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test2.png 427w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1403_DisabledPrincipals_Test2-300x249.png 300w\" sizes=\"auto, (max-width: 427px) 100vw, 427px\" \/><\/a><\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_textblock-c09fac0dabe4d96e7430e6715062a98a\">\n#top .av_textblock_section.av-av_textblock-c09fac0dabe4d96e7430e6715062a98a .avia_textblock{\nfont-size:12px;\n}\n<\/style>\n<section  class='av_textblock_section av-av_textblock-c09fac0dabe4d96e7430e6715062a98a '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Results:<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Msg 15517, Level 16, State 1, Line 3<\/strong><\/span><\/p>\n<p><span style=\"color: #ff0000;\">Cannot execute as the database principal because the principal <strong>&#8220;DeniedLogin&#8221;<\/strong> does not exist, this type of principal cannot be impersonated, or you do not have permission.<\/span><\/p>\n<p><span style=\"color: #ff0000;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Msg 916, Level 14, State 1, Line 3<\/strong><\/span><\/p>\n<p><span style=\"color: #ff0000;\">The server principal <strong>&#8220;S-1-9-3-4049223906-1289824279-1154161590-488313048.&#8221; <\/strong>is not able to access the database &#8220;ImpersonateLogin&#8221; under the current security context.<\/span><\/p>\n<p><br class=\"\u201cclear\u201c\" \/><\/p>\n<\/div><\/section>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The GUID does not represent a real server-principal, because the User <em>SQLUser<\/em> does not have a matching Login. So it tells us, that the <strong><em>users<\/em><\/strong> cannot be impersonated inside the database.<\/p>\n<p>The difference for the second user is, that this user only exists inside the database but at the same time has been explicitly denied to connect to it. This has essentially the same result as \u201cdisabling\u201d it \u2013 just as the <em>guest<\/em>-user is.<\/p>\n<p>Thereby it is shown that disabling of Logins does not give any security against attacks from inside. And so-called <em>privilege elevation<\/em> (\/-<em>escalation<\/em>) usually takes part from internal.<\/p>\n<p>Also the old \u201ctrick\u201d, to drop the default-database of a Login, is of little help.<\/p>\n<p>For database-users is indeed does have an effect and prevents logon\/connect to the respective database \u2013 also \u201cfrom inside\u201d.<\/p>\n<p>Consequentially all permissions (besides the one denied of course) of the respective Login and User stay totally unaffected by and method of <em>deactivation<\/em>.<\/p>\n<p>This is also true in the context of \u201cexternal access\u201d-permission for Logins based on asymmetric keys. (Here a forum-thread where the question appeared: \u201c<a href=\"http:\/\/social.msdn.microsoft.com\/Forums\/sqlserver\/en-US\/d92c8a93-792d-4f6b-88f2-3808bf305828\/sql-login-disabled-flag-does-not-work-with-asymmetric-key\" target=\"_blank\" rel=\"noopener\">SQL Login &#8220;disabled&#8221; flag does not work with asymmetric key??<\/a>\u201d)<\/p>\n<p>ALTER LOGIN is also explained in BOL here: <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ms189828.aspx\" target=\"_blank\" rel=\"noopener\">technet.microsoft.com\/en-us\/library\/ms189828.aspx<\/a><\/p>\n<p>I hope those things clarified some things and especially recommendations in security-matters.<\/p>\n<p><br class=\"\u201cclear\u201c\" \/>Happy securing<\/p>\n<p><br class=\"\u201cclear\u201c\" \/>Andreas<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_one_full-97c650ae075063b375f558a776c570f8\">\n#top .flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nmargin-top:40px;\nmargin-bottom:40px;\n}\n.flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n.responsive #top #wrap_all .flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nmargin-top:40px;\nmargin-bottom:40px;\n}\n<\/style>\n<div  class='flex_column av-av_one_full-97c650ae075063b375f558a776c570f8 av_one_full  avia-builder-el-12  el_after_av_textblock  el_before_av_hr  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><div><\/div>\n<div><\/div>\n<\/div><\/section><\/div>\r\n\r\n<div  class='hr av-av_hr-0ff602b3e980a3377077ff3c1c834df6 hr-default  avia-builder-el-14  el_after_av_one_full  el_before_av_social_share '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\r\n\r\n<div  class='av-social-sharing-box av-av_social_share-8644d330ffb238fff0cfa858c5295467 av-social-sharing-box-default  avia-builder-el-15  el_after_av_hr  el_before_av_comments_list  av-social-sharing-box-fullwidth'><div class=\"av-share-box\"><h5 class='av-share-link-description av-no-toc '>Share<\/h5><ul class=\"av-share-box-list noLightbox\"><li class='av-share-link av-social-link-facebook' ><a target=\"_blank\" aria-label=\"Share on Facebook\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https:\/\/andreas-wolter.com\/en\/disable-and-deny-login-deny-user-effect-on-impersonation-and-permissions\/&#038;t=DISABLE%20and%20DENY%20LOGIN%2C%20DENY%20USER%20%26%20Effect%20on%20Impersonation%20and%20Permissions\" aria-hidden=\"false\" data-av_icon=\"\ue8f3\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on Facebook\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on Facebook<\/span><\/a><\/li><li class='av-share-link av-social-link-twitter' ><a target=\"_blank\" aria-label=\"Share on Twitter\" href=\"https:\/\/twitter.com\/share?text=DISABLE%20and%20DENY%20LOGIN%2C%20DENY%20USER%20%26%20Effect%20on%20Impersonation%20and%20Permissions&#038;url=https:\/\/andreas-wolter.com\/en\/?p=3388\" aria-hidden=\"false\" data-av_icon=\"\ue8f1\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on Twitter\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on Twitter<\/span><\/a><\/li><li class='av-share-link av-social-link-linkedin' ><a target=\"_blank\" aria-label=\"Share on LinkedIn\" href=\"https:\/\/linkedin.com\/shareArticle?mini=true&#038;title=DISABLE%20and%20DENY%20LOGIN%2C%20DENY%20USER%20%26%20Effect%20on%20Impersonation%20and%20Permissions&#038;url=https:\/\/andreas-wolter.com\/en\/disable-and-deny-login-deny-user-effect-on-impersonation-and-permissions\/\" aria-hidden=\"false\" data-av_icon=\"\ue8fc\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on LinkedIn\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on LinkedIn<\/span><\/a><\/li><\/ul><\/div><\/div>\r\n\r\n<div  class='av-buildercomment av-av_comments_list-88ce68e426f11248fa394058a3de040f  av-blog-meta-author-disabled av-blog-meta-html-info-disabled'><\/div>","protected":false},"excerpt":{"rendered":"A short article on the effects &#8211; or missing effects &#8211; regarding the disabling &#038; denying connect of Logins &#038; Users on impersonation and permission. Every once in a while one can observe that Logins or Users have been denied the Connect permission or a Login has been disabled. Therefore a correct expectation and understanding [&hellip;]","protected":false},"author":4,"featured_media":3689,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[228,27],"class_list":["post-3388","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-en","tag-privilege-escalation-en","tag-security-en"],"_links":{"self":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/3388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/comments?post=3388"}],"version-history":[{"count":3,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/3388\/revisions"}],"predecessor-version":[{"id":3389,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/3388\/revisions\/3389"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media\/3689"}],"wp:attachment":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media?parent=3388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/categories?post=3388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/tags?post=3388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}