
Microsoft SQL Server Best Practices document on securing SQL Server

I'm chasing after a document that was available on one of the Microsoft
websites that was titled something like "MS SQL Server Best Practices"
and detailed a number of best practices about securing the server.

Included in this was revoking public access to the system table
objects.

Can someone post the URL where I can pick this up, or drop me a note on
contacting them for a copy of the document?

Jul 29 '05 #1
2 Replies



"byrocat" <bd******@sympatico.ca> wrote in message
news:11*********************@o13g2000cwo.googlegroups.com...
> I'm chasing after a document that was available on one of the Microsoft
> websites that was titled something like "MS SQL Server Best Practices"
> and detailed a number of best practices about securing the server.
>
> Included in this was revoking public access to the system table
> objects.
>
> Can someone post the URL where I can pick this up, or drop me a note on
> contacting them for a copy of the document?


You can find the Microsoft security docs, including a best practices white
paper, here:

http://www.microsoft.com/sql/techinf...y/default.mspx

I don't know of any good reason to revoke public permissions on system
tables - it might actually break something if users can't retrieve metadata
for some operations. Books Online states that a REVOKE applied to the public
role applies to all database users, which is probably not desirable in many
cases.

This issue often seems to be raised by IT auditors, probably because it has
somehow become part of an industry-standard audit checklist, but the MS best
practices document says only "do not grant additional permissions to this
role", implying that the existing permissions are fine:

http://www.microsoft.com/technet/pro.../sp3sec02.mspx

Simon

Jul 29 '05 #2
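
Added example (not part of either reply, and not Microsoft's code): a read-only query that checks the guidance quoted above, "do not grant additional permissions to this role", by listing grants to public on anything that did not ship with SQL Server. It assumes the SQL Server 2000 system tables sysprotects, sysusers and sysobjects and is run in the database under review.

```sql
-- Added example: review of permissions held by the public role.
-- Assumes SQL Server 2000 system tables; run in the database under review.
-- Read-only: it changes no permissions.
SELECT
    u.name AS grantee,
    ISNULL(o.name, '(statement permission)') AS obj_name,
    o.xtype AS obj_type,
    CASE p.action
        WHEN 26  THEN 'REFERENCES'
        WHEN 193 THEN 'SELECT'
        WHEN 195 THEN 'INSERT'
        WHEN 196 THEN 'DELETE'
        WHEN 197 THEN 'UPDATE'
        WHEN 198 THEN 'CREATE TABLE'
        WHEN 207 THEN 'CREATE VIEW'
        WHEN 222 THEN 'CREATE PROCEDURE'
        WHEN 224 THEN 'EXECUTE'
        ELSE 'action ' + CAST(p.action AS varchar(10))
    END AS permission,
    CASE p.protecttype
        WHEN 204 THEN 'GRANT WITH GRANT OPTION'
        WHEN 205 THEN 'GRANT'
    END AS grant_type,
    g.name AS grantor
FROM dbo.sysprotects AS p
JOIN dbo.sysusers AS u ON u.uid = p.uid
LEFT JOIN dbo.sysobjects AS o ON o.id = p.id      -- id = 0 for statement permissions
LEFT JOIN dbo.sysusers AS g ON g.uid = p.grantor
WHERE u.name = 'public'
  AND p.protecttype IN (204, 205)                 -- grants only, not denies
  -- Skip objects shipped with SQL Server: their default public
  -- permissions are the ones the replies advise leaving in place.
  AND ISNULL(OBJECTPROPERTY(p.id, 'IsMSShipped'), 0) = 0
ORDER BY obj_name, permission;
```

An empty result means public holds no grants in this database beyond those on Microsoft-shipped objects. On SQL Server 2005 and later the same review is done against sys.database_permissions and sys.database_principals.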

byrocat (bd******@sympatico.ca) writes:
> I'm chasing after a document that was available on one of the Microsoft
> websites that was titled something like "MS SQL Server Best Practices"
> and detailed a number of best practices about securing the server.
>
> Included in this was revoking public access to the system table
> objects.


I would not do this. At least not without extensive testing first.

The fact that all metadata is open to anyone is not entirely
satisfactory, but the opposite is not good either.

In SQL 2005 things are different. Here you can only see metadata
for objects that you have access to. Unfortunately, this important
distinction is not possible to make in SQL 2000.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 29 '05 #3
