本文介绍了DBO权利风险的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我建议一个朋友管理一个SQL 2k5框,该框具有多个可以对多个数据库进行dbo访问的用户.问题是:

I'm advising a friend who manages a SQL 2k5 box that has several users who have dbo access to multiple databases. The problem is:

  1. 这些用户几个月来都没有更改过密码,
  2. 这些用户将其ID放入应用程序中,并且这些应用程序作为DBO运行.

那么-除了明显的dbo添加/更新/删除表和proc的权利外,对于拥有dbo的SQL 2005数据库的恶意用户,我还能列举哪些危险?

So - aside from the obvious dbo rights to add/update/delete tables and procs, what dangers can I cite for a malicious user having dbo to a SQL 2005 database?

我想提供对数据库和其他用户造成危害的特定方案. dbo可以更改服务器上的文件分配吗? DBO会影响未直接连接到该数据库的其他资源吗?

I'd like to provide specific scenarios that pose harm to the database and other users. Could a dbo change file allocations on the server? Could a DBO affect other resources not directly connected to that database?

为澄清起见,这是SQL Server 2005,默认情况下,xp_cmdShell未获得DBO用户的授权.我仍然想知道,除了明显的CRUD之外,是否还有其他风险.有人可以用DBO做什么?

As a clarification, this was SQL Server 2005, and by default xp_cmdShell wasn't authorized for DBO users. I'm still wondering if there are risks beyond the obvious CRUD. What can someone do with DBO?

推荐答案

是. dbo有权在数据库上执行任何操作.甚至运行xp_cmdshell.并且一旦您可以运行xp_cmdshell,就可以在系统上执行几乎所有操作.只要dbo拥有sysadmin权限(默认情况下具有sysadmin权限),这一切就可以实现.

yes. dbo has rights to do whatever it wants on the database. even run xp_cmdshell. and once you can run xp_cmdshell you can do pretty much anything on the system.this is all possible provided dbo has sysadmin rights which by default it has.

这篇关于DBO权利风险的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-13 09:11