Security hole?

L

LL

Hi,

If Assign ASP.NET User as db_owner to the login user, can possible the login
user do some bad thing to my db system? Thanks...





sp_addrolemember 'db_owner', <ASP.NET User Account>"
 
J

John Doe

db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vurnable to sql injection.
 
L

LL

Thanks for the hlep.

How to avoid that? I only need the login user can insert, modify to the
specify DB.
 
J

Jerry III

Just use the permissions button in Enterprise manager or lookup GRANT in
T-SQL to setup only the permissions your application login needs.

Jerry
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GET NEIL DEGRASSES TYSON, I ripped a hole with this one... 0
asp.net sqlmembershipprovider integrated security 1
Login failed for NT AUTHORITY\NETWORK SERVICE on a ASP.Net app 5
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Failed to login to session state SQL server for user error? 1
How to Create a random password generator in a separate window 4
Pleeease help? 1
Permissions to Sql2005 database from IIS 9

Members online

Total: 23 (members: 2, guests: 21)
Robots: 513

Forum statistics

Threads
473,769
Messages
2,569,579
Members
45,053
Latest member
BrodieSola

Latest Threads

Top