What are the risks with ASPNET/Network Service having sysadmin role in SQL Server Express 2005?

Discussion in 'ASP .Net' started by Bogdan Jokel, Jan 15, 2010.

  1. Bogdan Jokel

    Bogdan Jokel Guest

    Hi,

    I have a sql server express 2005 instance where BUILTIN\Users and
    BUILTIN\Administrators are dropped from 'sysadmin' role. This is primarily
    for non-asp.net apps (i.e. native apps).
    I also have an ASP.NET app that connects to the instance to access a
    database. The IIS user (ASPNET or Network Service) is currently assigned
    'sysadmin' role. This is mainly to avoid granting exec permissions on
    stored procedures - application specific as well as asp.net membership - to
    the IIS user.
    All database queries are purely stored proc based. The sql server instance
    is configured for Windows Authentication only.

    Is there a risk associated with the above approach?

    Thanks,
    Bogdan
    Bogdan Jokel, Jan 15, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ad
    Replies:
    7
    Views:
    657
    Scott Allen
    Apr 11, 2005
  2. farseer

    SQL Server 2005 + SQL Server Express

    farseer, Aug 7, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    333
    farseer
    Aug 8, 2006
  3. Brad  Brening
    Replies:
    0
    Views:
    429
    Brad Brening
    Mar 1, 2007
  4. Replies:
    0
    Views:
    93
  5. Jake Henderson

    Visual Web Developer 2005 Express and SQL 2005 Express

    Jake Henderson, Mar 10, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    213
    Jake Henderson
    Mar 10, 2006
Loading...

Share This Page