
What are the security implications of sp_executesql?

Submitted by: @import:stackexchange-dba

Problem

By default, in SQL Server, the [public] role has EXECUTE rights on sp_executesql.

However, I've inherited a database server where the previous DBA has revoked the EXECUTE right on sp_executesql.

As a temporary workaround, I've been granting EXECUTE rights to sp_executesql on an as-needed basis (through a role in the master database). But this is beginning to be a maintenance pain.

If I grant EXECUTE back to public, are there any repercussions I need to be aware of?

Solution

None. sp_executesql executes SQL under exactly the same context and privileges as the original caller would execute the same SQL. There are many, many cases when dynamic SQL is unavoidable.

Context

StackExchange Database Administrators Q#16101, answer score: 8
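
The answer's point that sp_executesql runs with the caller's own privileges can be checked on a scratch database. The T-SQL below is an added example, not part of the original question or answer. DemoSecret, DemoLowPriv, DemoStatic and DemoDynamic are hypothetical names, and it assumes public still holds the default EXECUTE on sp_executesql.

```sql
-- Added example: constructed objects, run in a scratch database as db_owner.
-- Assumes public still holds the default EXECUTE on sp_executesql.
CREATE TABLE dbo.DemoSecret (id int PRIMARY KEY, val nvarchar(50));
INSERT INTO dbo.DemoSecret (id, val) VALUES (1, N'constructed sample row');
CREATE USER DemoLowPriv WITHOUT LOGIN;  -- hypothetical user, member of public only
GO
-- Static SQL: ownership chaining (same owner for procedure and table)
-- skips the permission check on the table.
CREATE PROCEDURE dbo.DemoStatic AS
    SELECT val FROM dbo.DemoSecret;
GO
-- Dynamic SQL: the string runs as its own batch, the chain is broken, and
-- the table permission is checked against the caller.
CREATE PROCEDURE dbo.DemoDynamic AS
    EXEC sys.sp_executesql N'SELECT val FROM dbo.DemoSecret;';
GO
GRANT EXECUTE ON dbo.DemoStatic  TO DemoLowPriv;
GRANT EXECUTE ON dbo.DemoDynamic TO DemoLowPriv;
GO
EXECUTE AS USER = N'DemoLowPriv';

BEGIN TRY  -- 1. direct statement: caller has no SELECT on the table
    SELECT val FROM dbo.DemoSecret;
END TRY
BEGIN CATCH
    SELECT N'direct SELECT' AS path, ERROR_MESSAGE() AS denied;
END CATCH;

BEGIN TRY  -- 2. same text through sp_executesql: same check, same caller
    EXEC sys.sp_executesql N'SELECT val FROM dbo.DemoSecret;';
END TRY
BEGIN CATCH
    SELECT N'sp_executesql' AS path, ERROR_MESSAGE() AS denied;
END CATCH;

EXEC dbo.DemoStatic;   -- 3. allowed through the ownership chain

BEGIN TRY  -- 4. dynamic SQL inside a procedure gains nothing from the chain
    EXEC dbo.DemoDynamic;
END TRY
BEGIN CATCH
    SELECT N'DemoDynamic' AS path, ERROR_MESSAGE() AS denied;
END CATCH;

REVERT;
GO
DROP PROCEDURE dbo.DemoStatic, dbo.DemoDynamic;
DROP USER DemoLowPriv;
DROP TABLE dbo.DemoSecret;
```

Paths 1, 2 and 4 are denied for the same missing SELECT permission, while path 3 succeeds only because of ownership chaining; sp_executesql itself adds no privilege in any of them.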
