Velocity Reviews - Computer Hardware Reviews

Security hole?

 
 
LL (Guest), 10-21-2003
Hi,

If I assign the ASP.NET user as db_owner for the login user, is it possible
for the login user to do some bad things to my db system? Thanks...

sp_addrolemember 'db_owner', '<ASP.NET User Account>'


 
John Doe (Guest), 10-21-2003
db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vulnerable to SQL injection.

LL (Guest), 10-22-2003
Thanks for the help.

How do I avoid that? I only need the login user to be able to insert and
modify in the specified DB.

Jerry III (Guest), 10-23-2003
Just use the Permissions button in Enterprise Manager or look up GRANT in
T-SQL to set up only the permissions your application login needs.

Jerry

Reply With Quote
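
The GRANT-based setup suggested in the last reply, shown next to the db_owner grant from the question, as an added example that is not part of the original thread. The database AppDb, the tables dbo.Orders and dbo.Customers, the role app_writer and the account WEB01\ASPNET (standing in for <ASP.NET User Account>) are hypothetical, and the account is assumed to already be a user in the database.

```sql
-- Added example (not from the thread). Hypothetical names: database AppDb,
-- tables dbo.Orders and dbo.Customers, role app_writer, and WEB01\ASPNET
-- standing in for <ASP.NET User Account>.
USE AppDb;
GO

-- Before: the grant from the question. db_owner members can read and change
-- every table, drop objects, and alter permissions in this database, so an
-- injected statement runs with all of those rights.
-- EXEC sp_addrolemember 'db_owner', 'WEB01\ASPNET';

-- 1. Take the account out of db_owner if it was already added.
EXEC sp_droprolemember 'db_owner', 'WEB01\ASPNET';

-- 2. Create a role that carries only what the application needs.
EXEC sp_addrole 'app_writer';

-- 3. Grant per-table rights for "insert, modify". SELECT is included because
--    an UPDATE with a WHERE clause also needs SELECT on the table it filters.
--    DELETE and all DDL rights are deliberately left out.
GRANT SELECT, INSERT, UPDATE ON dbo.Orders    TO app_writer;
GRANT SELECT, INSERT, UPDATE ON dbo.Customers TO app_writer;

-- 4. Put the ASP.NET account in the narrow role.
EXEC sp_addrolemember 'app_writer', 'WEB01\ASPNET';
GO

-- Checks: the account should no longer be listed under db_owner, and the
-- role should hold only the table permissions granted above.
EXEC sp_helprolemember 'db_owner';
EXEC sp_helprotect @username = 'app_writer';
```

The stored procedures match the sp_addrolemember style used in the question; newer SQL Server versions offer CREATE ROLE and ALTER ROLE for the same steps.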
 
 
 