Hello All,
i was wondering if there exists some way to disable all system stored
procedures, as they are vulnerable to attacks specially if they r not
needed within any of my applications.
something like, xp_cmdshell may cause attacks.

i need ur help plz and will appreciate ur response and suggestions

thanx for ur gr8 help

[ Post a follow-up to this message ]

You simply set permissions on those system stored procs. Then you ensure
that your applications connect using other credentials.

That is how you secure your server against cmd.exe from being abused (i.e.
by setting ACLs on cmd.exe), and cmd.exe is basically what you get when
using xp_cmdshell.

Cheers
Ken

<Eng.Rana@gmail.com> wrote in message
news:1150355438.433402.151370@i40g2000cwc.googlegroups.com...
> Hello All,
> i was wondering if there exists some way to disable all system stored
> procedures, as they are vulnerable to attacks specially if they r not
> needed within any of my applications.
> something like, xp_cmdshell may cause attacks.
>
> i need ur help plz and will appreciate ur response and suggestions
>
> thanx for ur gr8 help
>

[ Post a follow-up to this message ]

See my response to your identical post elsewhere.
Is there some specific sys sproc that concerns you ?

<Eng.Rana@gmail.com> wrote in message
news:1150355438.433402.151370@i40g2000cwc.googlegroups.com...
> Hello All,
> i was wondering if there exists some way to disable all system stored
> procedures, as they are vulnerable to attacks specially if they r not
> needed within any of my applications.
> something like, xp_cmdshell may cause attacks.
>
> i need ur help plz and will appreciate ur response and suggestions
>
> thanx for ur gr8 help
>

[ Post a follow-up to this message ]

Ken Schaefer wrote:
> You simply set permissions on those system stored procs. Then you ensure
> that your applications connect using other credentials.
>
> That is how you secure your server against cmd.exe from being abused (i.e.
> by setting ACLs on cmd.exe), and cmd.exe is basically what you get when
> using xp_cmdshell.
>
>


what if i want to protect my server from allllllll the system stored
procedure not only xp_cmd.exe.

there exists manyyyyyyy system stored procedures that may be used in a
malicious way to attack my server and it will be impossible to change
permissions to al these stored procedures 

so,, what do u think??

[ Post a follow-up to this message ]

Name some of these, but not one that may but rather that can be
used to attack your server in malicious way by a SQL user that is
not in any of the Server Roles.

I think you are chasing ghosts.

Roger Abell
(MCDBA and Windows Server Security MVP)

<Eng.Rana@gmail.com> wrote in message
news:1150437581.722642.102690@c74g2000cwc.googlegroups.com...
>
> Ken Schaefer wrote: 
>
>
> what if i want to protect my server from allllllll the system stored
> procedure not only xp_cmd.exe.
>
> there exists manyyyyyyy system stored procedures that may be used in a
> malicious way to attack my server and it will be impossible to change
> permissions to al these stored procedures 
>
> so,, what do u think??
>

[ Post a follow-up to this message ]