|
|
Posted by Erland Sommarskog on 08/08/06 21:50
Ward Bekker (ward@NospaaMequanimity.nl) writes:
> For a service I'm working on I need to ask the user for their database
> create script. It's used to re-create the users database schema in a
> temporary database on a in-house server in an automated fashion.
>
> For security reasons, I need to be sure that the create script can only
> create tables, columns etc and not things like snooping in other
> databases and/or formatting the server.
>
> Can you give me pointers about what the minimum grants are to let good
> script execute successfully and evil scripts fail?
First of all, which version of SQL Server including service pack do you
have?
As M.Bohse said, run the scripts as a user who only have access in that
database, although in that database he need some privs. Very important:
make sure that cross-database chaining is turned off, and that the
database is not set as trustworthy on SQL 2005.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
Navigation:
[Reply to this message]
|