What harm can DBO do to the server?
Apart from running XP_CmdShell, which was disabled in my SQL 2005 installation, what can a malicious user who gets DBO rights on my database do:
- To my database
- To my server?
I am assessing the worst-case risk of someone getting DBO, to justify running the application under a least-privileged user account. Some argue that because we are not dealing with "sensitive data," the impact of someone getting DBO is minimal.
dbo is the owner of the database, which may or may not be sa. As dbo, you basically have free rein over your own database - obviously this could lead to permissions changes, dropped tables, etc.
As sa, you have free rein over the server. This includes installing new extended procedures (or .NET assemblies if you're using the CLR), as well as anything dbo can do (for all databases). And you can also enable xp_cmdshell again.
There is lots of information online about SQL injection. Restricting the privileges of a user connected to SQL is a very important drawback.
http://en.wikipedia.org/wiki/SQL_injection
Here's a simple, scary example that I came across a couple of years ago. The website generated SQL on the fly from URLs and ran it. I was able to guess that URLs like
www.blah.com/.../load.aspx?itemid=1
created SQL like this
SELECT * FROM elements where id = 1
So I sent this URL:
www.blah.com/.../load.aspx?itemid=1; drop table elements
Bang.
At least if there was no dbo connection to the db it failed.
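The effect of a least-privileged account on the batch from the last answer, as an added T-SQL example that is not part of the original posts. It assumes a scratch SQL Server database where you are dbo; the table name follows the answer's query, and the user name app_reader and the sample row are constructed for illustration.

```sql
-- Added example (constructed data): run in a scratch database as dbo.
CREATE TABLE dbo.elements (id INT PRIMARY KEY, name NVARCHAR(50));
INSERT INTO dbo.elements (id, name) VALUES (1, N'first');
GO

-- Hypothetical application account: no role membership, SELECT on one table only.
CREATE USER app_reader WITHOUT LOGIN;
GRANT SELECT ON dbo.elements TO app_reader;
GO

-- Everything until REVERT runs with app_reader's permissions.
EXECUTE AS USER = 'app_reader';

-- What the account is allowed to do (1 = yes, 0 = no).
SELECT IS_MEMBER('db_owner') AS is_dbo,
       HAS_PERMS_BY_NAME('dbo.elements', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.elements', 'OBJECT', 'ALTER')  AS can_alter;

-- The concatenated batch from the answer, built the way the page describes.
DECLARE @itemid NVARCHAR(100), @sql NVARCHAR(400);
SET @itemid = N'1; drop table elements';
SET @sql = N'SELECT * FROM elements WHERE id = ' + @itemid;
BEGIN TRY
    EXEC (@sql);  -- the SELECT runs; the DROP is refused for app_reader
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;

-- Parameterized form: the value is bound as an INT and never parsed as SQL.
DECLARE @id INT;
SET @id = 1;
EXEC sp_executesql N'SELECT * FROM dbo.elements WHERE id = @id',
                   N'@id INT', @id = @id;

REVERT;
GO

-- Back as dbo: the table survived the injected statement.
SELECT COUNT(*) AS rows_remaining FROM dbo.elements;

-- Clean up the scratch objects.
DROP USER app_reader;
DROP TABLE dbo.elements;
```

Running the same batch without the EXECUTE AS line, that is as dbo, lets the injected DROP succeed, which is the difference the question asks about.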