Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Aside from executing XP_CmdShell, which I have disabled in my SQL 2005 installation, what could a malicious user who gains DBO rights to my database do:
I’m assessing the worst-case security risk of someone obtaining DBO to justify running a ‘least-privileged’ user account in an application. Some allege that since we’re not working with ‘confidential data’ that the impact of someone gaining DBO is minimal.
he can run any XP_ sproc so it can mess up the registry and mess up your whole server for one thing. drop/change tables, etc…