January 9, 2009 at 6:59 am
We have still have a SQL 2000 server that with a lot of DTS packages. I was shocked to learn that a user with very limited access (public on a database, and SELECT only acces to some tables) using SQL 2000 desktop tools can register our server and create DTS packages. Furthermore, this user can then create DTS Packages that can create and delete objects.
How can this be prevented?
January 9, 2009 at 2:16 pm
In msdb, deny EXECUTE permission to public (and the developer if he's a user in the database) to sp_add_dtspackage.
In early versions of SQL 2000, members of public could create DTS packages and you had to explicitly prevent it in production.
Greg
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy