Stored Proceedures

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Paul Johnston
    #1

    Stored Proceedures

    I work in a University and we are looking at installing a MSSQL 2000
    database for students to be able to use for their final year projects.
    Previously we gave them mysql and access. I am quite new to MSSQL and
    was wondering if any of the stored proceedures which get created with
    accounts could lead to any issues, say performance or security. If so
    we could remove them on account creation. Generally the students don't
    do much fancy just access via a web server or windows application but
    often their appreciation of security is limited :-(
    TIA Paul
    Tags: None
    • Simon Hayes
      #2
      Re: Stored Proceedures

      If you're new to MSSQL, it would probably be a good idea to spend some
      time reviewing the security model - see "Managing Security" in Books
      Online, and also the resources here:

      http://www.microsoft.com/sql/techinfo/administration/2000/security/default.mspx


      It's hard to be specific without knowing more about what the students
      will be developing, but if you install the latest servicepack (SP4),
      don't allow users to execute xp_cmdshell or create ActiveX jobs, and
      don't give them database owner privileges, that should prevent some of
      the more obvious abuses. The baseline security analyzer (see the link
      above) is also very useful for finding potential configuration issues.

      Simon

        Comment

        • Paul Johnston
          #3
          Re: Stored Proceedures

          On 22 Jul 2005 06:24:44 -0700, "Simon Hayes" <sql@hayes.ch > wrote:
          [color=blue]
          >If you're new to MSSQL, it would probably be a good idea to spend some
          >time reviewing the security model - see "Managing Security" in Books
          >Online, and also the resources here:
          >
          >http://www.microsoft.com/sql/techinf...y/default.mspx
          >
          >It's hard to be specific without knowing more about what the students
          >will be developing, but if you install the latest servicepack (SP4),
          >don't allow users to execute xp_cmdshell or create ActiveX jobs, and
          >don't give them database owner privileges, that should prevent some of
          >the more obvious abuses. The baseline security analyzer (see the link
          >above) is also very useful for finding potential configuration issues.
          >
          >Simon[/color]

          Cheers will do!
          Paul

            Comment

            Previous template Next
            Working...