473,320 Members | 1,933 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Security hole?

LL
Hi,

If Assign ASP.NET User as db_owner to the login user, can possible the login
user do some bad thing to my db system? Thanks...

sp_addrolemember 'db_owner', <ASP.NET User Account>"
Nov 17 '05 #1
5 1272
db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vurnable to sql injection.

-----Original Message-----
Hi,

If Assign ASP.NET User as db_owner to the login user, can possible the loginuser do some bad thing to my db system? Thanks...

sp_addrolemember 'db_owner', <ASP.NET User Account>"
.

Nov 17 '05 #2
db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vurnable to sql injection.

-----Original Message-----
Hi,

If Assign ASP.NET User as db_owner to the login user, can possible the loginuser do some bad thing to my db system? Thanks...

sp_addrolemember 'db_owner', <ASP.NET User Account>"
.

Nov 17 '05 #3
LL
Thanks for the hlep.

How to avoid that? I only need the login user can insert, modify to the
specify DB.

"John Doe" <an*******@discussions.microsoft.com> wrote in message
news:03****************************@phx.gbl...
db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vurnable to sql injection.

-----Original Message-----
Hi,

If Assign ASP.NET User as db_owner to the login user, can

possible the login
user do some bad thing to my db system? Thanks...

sp_addrolemember 'db_owner', <ASP.NET User Account>"
.

Nov 17 '05 #4
LL
Thanks for the hlep.

How to avoid that? I only need the login user can insert, modify to the
specify DB.

"John Doe" <an*******@discussions.microsoft.com> wrote in message
news:03****************************@phx.gbl...
db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vurnable to sql injection.

-----Original Message-----
Hi,

If Assign ASP.NET User as db_owner to the login user, can

possible the login
user do some bad thing to my db system? Thanks...

sp_addrolemember 'db_owner', <ASP.NET User Account>"
.

Nov 17 '05 #5
Just use the permissions button in Enterprise manager or lookup GRANT in
T-SQL to setup only the permissions your application login needs.

Jerry

"LL" <li*******@hotmail.com> wrote in message
news:un****************@TK2MSFTNGP09.phx.gbl...
Thanks for the hlep.

How to avoid that? I only need the login user can insert, modify to the
specify DB.

"John Doe" <an*******@discussions.microsoft.com> wrote in message
news:03****************************@phx.gbl...
db_owner can do anything in the database so that is
opening up a large hole. In case you have not written an
application that is not vurnable to sql injection.

-----Original Message-----
Hi,

If Assign ASP.NET User as db_owner to the login user, can

possible the login
user do some bad thing to my db system? Thanks...

sp_addrolemember 'db_owner', <ASP.NET User Account>"
.


Nov 17 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

32
by: Chung Leong | last post by:
Building web sites with PHP is easy. Building secured web sites--in any language--is hard. The end result is many PHP sites with security issues. I thought therefore it would be a good idea to put...
28
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
6
by: WhenAmIOn.com | last post by:
Hi all, I developed a web site that uses javascript and XMLHTTP to dynamically load info on the page from the server without having to re-load the page. Recently I've received complaints of it...
9
by: Pascal Vyncke | last post by:
Hi, I discovered a NEW security hole / exploit in IE6 with SP2 and all the latest security patches. Overview of the exploit: * Bug for all Microsoft Internet Explorer users * Can be...
11
by: comp.lang.php | last post by:
On one of my sites, I have a TCL CGI script that has a security hole in spite of it having effective server-side validation (the fact that it's CGI IS its security hole). The front end is a PHP...
32
by: Mike MacSween | last post by:
Further to 'Security - more complex than I thought' Has anybody ever seen any studies? Or anecdotal evidence? Done any studies themselves? Done any lab testing - you know - 10 users asked to get...
4
by: Patrick Olurotimi Ige | last post by:
Huge security hole in .NET: Java creator http://www.zdnet.com.au/news/security/0,2000061744,39179932,00.htm *** Sent via Developersdex http://www.developersdex.com *** Don't just participate...
19
by: Blair P. Houghton | last post by:
I'm just learning Python, so bear with. I was messing around with the webbrowser module and decided it was pretty cool to have the browser open a URL from within a python script, so I wrote a...
3
by: Chuck | last post by:
Hello, Does Dotnet 2.0 Framework still have the security hole that Dotnet 1.1 Framework had regarding HTTP-Post method for web services? TIA
1
by: =?iso-8859-1?B?QW5kcuk=?= | last post by:
A security hole has been uncovered in Crunchy (version 0.9.1.1 and earlier). Anyone using Crunchy to browse web tutorials should only visit sites that are trustworthy. We are working hard at...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.