Post reply

SQL 2000 DTS Security

  • January 9, 2009 at 6:59 am

    #133582

    We have still have a SQL 2000 server that with a lot of DTS packages. I was shocked to learn that a user with very limited access (public on a database, and SELECT only acces to some tables) using SQL 2000 desktop tools can register our server and create DTS packages. Furthermore, this user can then create DTS Packages that can create and delete objects.

    How can this be prevented?

  • January 9, 2009 at 2:16 pm

    #924593

    In msdb, deny EXECUTE permission to public (and the developer if he's a user in the database) to sp_add_dtspackage.

    In early versions of SQL 2000, members of public could create DTS packages and you had to explicitly prevent it in production.

    Greg

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply