Security hole?

Discussion in 'ASP .Net' started by LL, Oct 21, 2003.

  1. LL

    LL Guest

    Hi,

    If Assign ASP.NET User as db_owner to the login user, can possible the login
    user do some bad thing to my db system? Thanks...





    sp_addrolemember 'db_owner', <ASP.NET User Account>"
     
    LL, Oct 21, 2003
    #1
    1. Advertising

  2. LL

    John Doe Guest

    db_owner can do anything in the database so that is
    opening up a large hole. In case you have not written an
    application that is not vurnable to sql injection.


    >-----Original Message-----
    >Hi,
    >
    >If Assign ASP.NET User as db_owner to the login user, can

    possible the login
    >user do some bad thing to my db system? Thanks...
    >
    >
    >
    >
    >
    >sp_addrolemember 'db_owner', <ASP.NET User Account>"
    >
    >
    >.
    >
     
    John Doe, Oct 22, 2003
    #2
    1. Advertising

  3. LL

    LL Guest

    Thanks for the hlep.

    How to avoid that? I only need the login user can insert, modify to the
    specify DB.

    "John Doe" <> wrote in message
    news:03a301c3982d$7ca8bf90$...
    > db_owner can do anything in the database so that is
    > opening up a large hole. In case you have not written an
    > application that is not vurnable to sql injection.
    >
    >
    > >-----Original Message-----
    > >Hi,
    > >
    > >If Assign ASP.NET User as db_owner to the login user, can

    > possible the login
    > >user do some bad thing to my db system? Thanks...
    > >
    > >
    > >
    > >
    > >
    > >sp_addrolemember 'db_owner', <ASP.NET User Account>"
    > >
    > >
    > >.
    > >
     
    LL, Oct 22, 2003
    #3
  4. LL

    Jerry III Guest

    Just use the permissions button in Enterprise manager or lookup GRANT in
    T-SQL to setup only the permissions your application login needs.

    Jerry

    "LL" <> wrote in message
    news:unTU1%...
    > Thanks for the hlep.
    >
    > How to avoid that? I only need the login user can insert, modify to the
    > specify DB.
    >
    > "John Doe" <> wrote in message
    > news:03a301c3982d$7ca8bf90$...
    > > db_owner can do anything in the database so that is
    > > opening up a large hole. In case you have not written an
    > > application that is not vurnable to sql injection.
    > >
    > >
    > > >-----Original Message-----
    > > >Hi,
    > > >
    > > >If Assign ASP.NET User as db_owner to the login user, can

    > > possible the login
    > > >user do some bad thing to my db system? Thanks...
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >sp_addrolemember 'db_owner', <ASP.NET User Account>"
    > > >
    > > >
    > > >.
    > > >

    >
    >
     
    Jerry III, Oct 23, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. nicholas
    Replies:
    3
    Views:
    878
    nicholas
    Oct 4, 2004
  2. Patrick Olurotimi Ige

    Huge security hole in .NET: Java creator

    Patrick Olurotimi Ige, Feb 7, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    363
    Kevin Spencer
    Feb 7, 2005
  3. Andrew Thompson

    Is this a security hole?

    Andrew Thompson, Aug 6, 2004, in forum: Java
    Replies:
    7
    Views:
    416
    Andrew Thompson
    Aug 6, 2004
  4. Blair P. Houghton
    Replies:
    19
    Views:
    529
    Blair P. Houghton
    Feb 2, 2006
  5. Chuck
    Replies:
    3
    Views:
    534
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Feb 8, 2007
Loading...

Share This Page