SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-29-2008, 08:30 AM
| ||||
| ||||
 Stored Proceedures I work in a University and we are looking at installing a MSSQL 2000 database for students to be able to use for their final year projects. Previously we gave them mysql and access. I am quite new to MSSQL and was wondering if any of the stored proceedures which get created with accounts could lead to any issues, say performance or security. If so we could remove them on account creation. Generally the students don't do much fancy just access via a web server or windows application but often their appreciation of security is limited :-( TIA Paul      |
|
02-29-2008, 08:31 AM
| |||
| |||
| Re: Stored Proceedures If you're new to MSSQL, it would probably be a good idea to spend some time reviewing the security model - see "Managing Security" in Books Online, and also the resources here: http://www.microsoft.com/sql/techinf...y/default.mspx It's hard to be specific without knowing more about what the students will be developing, but if you install the latest servicepack (SP4), don't allow users to execute xp_cmdshell or create ActiveX jobs, and don't give them database owner privileges, that should prevent some of the more obvious abuses. The baseline security analyzer (see the link above) is also very useful for finding potential configuration issues. Simon |
|
02-29-2008, 08:34 AM
| ||||
| ||||
| Re: Stored Proceedures On 22 Jul 2005 06:24:44 -0700, "Simon Hayes" <sql@hayes.ch> wrote: >If you're new to MSSQL, it would probably be a good idea to spend some >time reviewing the security model - see "Managing Security" in Books >Online, and also the resources here: > >http://www.microsoft.com/sql/techinf...y/default.mspx > >It's hard to be specific without knowing more about what the students >will be developing, but if you install the latest servicepack (SP4), >don't allow users to execute xp_cmdshell or create ActiveX jobs, and >don't give them database owner privileges, that should prevent some of >the more obvious abuses. The baseline security analyzer (see the link >above) is also very useful for finding potential configuration issues. > >Simon Cheers will do! Paul |
Linear Mode
