locked
Risk granting view definition to application logins for sp_helptext queries RRS feed

  • Question

  • I have an interesting request for view definition for all application logins to determine correct SP definitions are being deployed when executing sp_helptext by the apps. Usually I only grant view definition to users that need this information but they are trying to automate that process. I am concerned with security issues that may result. Can anyone think of any reason (e.g., sql injection) why this is not a good idea?
    Friday, August 28, 2015 9:50 PM

Answers

  • The lack of VIEW DEFINITION permission provides a secondary level of defense if a SQL injection vulnerability is exploited.  With VIEW DEFINITION permissions, a hacker that gains access under the application security context could see the underlying proc code.  This knowledge won't be a big deal if no permissions are granted on those objects but will facilitate intrusion if the account also has permissions on those objects.

    I think a better approach would be to deploy and validate using a privileged account rather than the application logins.  That would eliminate the need to grant more permissions than actually needed for application execution.

     


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    Friday, August 28, 2015 10:57 PM