What harm can DBO do to the server?
Apart from running xp_cmdshell, which is disabled in my SQL 2005 installation, what can a malicious user who gets DBO rights on my database do:
- To my database?
- To my server?
I am assessing the worst-case risk of someone obtaining DBO in order to justify running the application under the least-privileged user account. Some argue that because we are not dealing with "sensitive data," the impact of someone obtaining DBO is minimal.
It can run any xp_ sproc, so it can mess up the registry and mess up your entire server. Drop tables, etc.
dbo is the owner of the database, which may or may not be sa. As dbo, you basically have free rein over your own database; obviously this could lead to permission changes, dropped tables, etc.
As sa, you have free rein over the server. This includes installing new extended procedures (or .NET assemblies if you're using the CLR), as well as anything dbo can do (in all databases). And you can also enable xp_cmdshell again.
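The least-privilege account the question is trying to justify, as an added T-SQL example that is not part of this thread. It assumes a database named MyAppDb with a table dbo.elements; the login name AppUser, the role name app_reader and the password are placeholders. Run it as a sysadmin; the impersonation at the end shows what the restricted account can and cannot do, which is the contrast with the dbo rights described in the answer above.

```sql
-- Added example (not from the thread). MyAppDb, AppUser, app_reader and
-- the password are placeholders to substitute for your environment.
USE MyAppDb;
GO

-- A dedicated login for the application, not dbo and not sa.
CREATE LOGIN AppUser WITH PASSWORD = 'PLACEHOLDER-strong-password', CHECK_POLICY = ON;
CREATE USER AppUser FOR LOGIN AppUser;

-- A role that holds only the statements the application actually issues.
-- No ALTER, no CONTROL, no db_owner membership.
CREATE ROLE app_reader;
GRANT SELECT, INSERT, UPDATE ON dbo.elements TO app_reader;
EXEC sp_addrolemember 'app_reader', 'AppUser';   -- ALTER ROLE ... ADD MEMBER on 2012+
GO

-- Verify the boundary by impersonating the account.
EXECUTE AS USER = 'AppUser';

SELECT * FROM dbo.elements WHERE id = 1;          -- allowed by the GRANT above

-- 0: the account holds no ALTER permission on the table.
SELECT HAS_PERMS_BY_NAME('dbo.elements', 'OBJECT', 'ALTER') AS can_alter;

BEGIN TRY
    DROP TABLE dbo.elements;                      -- the injected DROP from a dbo
END TRY                                           -- connection is denied here
BEGIN CATCH
    PRINT ERROR_MESSAGE();                        -- "...does not exist or you do not have permission."
END CATCH;

REVERT;
GO
```

The point of the impersonation block is that it turns the "what could dbo do" argument into a check you can run: the same DROP that succeeds under a dbo connection is refused for AppUser, and the HAS_PERMS_BY_NAME call gives you a one-line audit you can repeat after every deployment.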
There is lots of information online about SQL injection. Restricting the privileges of the user connected to SQL is a very important safeguard.
http://en.wikipedia.org/wiki/SQL_injection
Here's a simple, scary example that I came across a couple of years ago. The website generated SQL on the fly from the URL and ran it. I was able to guess that URLs like
www.blah.com/.../load.aspx?itemid=1
generated SQL like this:
SELECT * FROM elements WHERE id = 1
so I sent this URL:
www.blah.com/.../load.aspx?itemid=1; drop table elements
Bang.
At least if the connection to the db had not been dbo, it would have failed.
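The concatenation bug in the answer above and its parameterized replacement, as an added T-SQL example that is not part of the original answer. It assumes a table elements with an integer id column, matching the SELECT shown; the payload value is the one from the answer, constructed here as a local variable to stand in for the itemid query-string parameter.

```sql
-- Added example (not from the thread). Table and data are constructed
-- to match the SELECT in the answer above.
IF OBJECT_ID('dbo.elements') IS NOT NULL DROP TABLE dbo.elements;
CREATE TABLE dbo.elements (id int PRIMARY KEY, name nvarchar(50));
INSERT INTO dbo.elements (id, name) VALUES (1, N'first');
INSERT INTO dbo.elements (id, name) VALUES (2, N'second');
GO

-- The value as it arrives from the itemid query-string parameter.
DECLARE @itemid nvarchar(100) = N'1; DROP TABLE dbo.elements';

-- Fixed form: sp_executesql binds the value as a typed parameter. The
-- statement text never changes, so the ';' cannot end the SELECT; the
-- only thing that can fail is converting the string to int.
DECLARE @sql nvarchar(200) = N'SELECT id, name FROM dbo.elements WHERE id = @id';
BEGIN TRY
    EXEC sp_executesql @sql, N'@id int', @id = @itemid;
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();   -- conversion error; the table is untouched
END CATCH;

SELECT COUNT(*) AS rows_still_there FROM dbo.elements;   -- 2

-- Vulnerable form: the parameter is pasted into the statement text, so
-- the semicolon ends the SELECT and DROP TABLE runs with the caller's
-- rights. Under a dbo connection the table is gone; under an account
-- that only holds SELECT on elements, the DROP is refused.
BEGIN TRY
    EXEC (N'SELECT id, name FROM dbo.elements WHERE id = ' + @itemid);
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();   -- permission error when not dbo; nothing when dbo
END CATCH;

SELECT OBJECT_ID('dbo.elements') AS table_object_id;   -- NULL if run as dbo
GO
```

Running the script twice, once as dbo and once as a user with only SELECT on elements, shows the two layers in the answer: parameterization stops the second statement from ever existing, and least privilege limits the damage when some other piece of code forgets to parameterize.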
To put it bluntly, if he owns your database, he owns your database. That is, you can kiss your data goodbye.
But you have both disk and tape backups, so you're golden!
Yes. The typical defense is "well, at least it can't mess up anything outside of its database" (xp_cmdshell aside). I feel uncomfortable having a rapist with a crazy dog in my locked closet. But this analogy is not a big sell to management.