- Posted to Security by greenlit_design on 05-13-2008, 11:09 AM
Hi,
A Sys Admin account in MS SQL gives you access to all databases and gives you all privileges.
So basically you don't need any other rights.
I'm not sure if a Windows Admin account has admin rights in MS SQL. I believe you need to add the Windows Account to MS SQL and grant that account proper permissions.
If you were able to create ...
- Posted to Security by greenlit_design on 05-08-2008, 2:06 AM
[quote user="eftennis"]Your idea of denying select access to the sys objects seems to make the most sense of any ideas I have read about sql injectors. That would appear to be a foolproof way of at least stopping the current attackers.
Has this worked for you?
I tried to go in and do this, but, my sql login account does not appear ...
- Posted to Security by greenlit_design on 05-07-2008, 5:25 PM
Thanks for posting this. It did help.
I just wanted to contribute also to the group.
We got SQL injected last night by this and this is how I fixed it.
1) First to prevent script from executing or any further issues:
deny select on sysobjects to sql_login_of_your_app
deny select on syscomments to sql_login_of_your_app
deny select ...