讨论一下吧
---------------------------------------------------------------
SQL Server FAQ: How Do I Increase Security For DTS Packages?
FAQ Rating Total number of votes [4]
By: rmarda
Email : [email protected]
Last Modified: 05/03/2002
Did you know that anyone with a valid login to your SQL Server can see and execute all DTS packages on that server via Enterprise Manager??They can also add as many new DTS packages as they want.?This is because access to the stored procedures that perform these activities defaults to the public role.
To block this kind of activity, remove the execute permissions from the following stored procedures found in the msdb database:
sp_add_dtspackage
When permissions are removed from this stored procedure standard users can no longer add DTS packages.
sp_enum_dtspackages
When permissions are removed from this stored procedure standard users can no longer see existing DTS packages.
sp_get_dtspackage
When permissions are removed from this stored procedure standard users can no longer open nor execute existing DTS packages.
After doing this you can add more security by resaving each DTS Package and assigning a owner password and/or a user password.
Let me give credit to the authors of the book SQL Server 2000 DTS (Brian Knight is one of them) for explaining this to me and pointing me to these three stored procedures.
---------------------------------------------------------------
- make sure the password for 'sa' account isn't blank
- block TCP port 1443 and UDP port 1434 on your firewall if your
sql server don't require direct Internet access
---------------------------------------------------------------
摘:
SQL Server安全规划全攻略
中华企业信息港 加入时间 2002-5-28 15:48:00 阅读:1010
自动滚屏(右键暂停)