What are the security implications of sp_executesql?
Problem
By default, in SQL Server, the [public] role has EXECUTE rights on sp_executesql.
However, I've inherited a database server where the previous DBA has revoked the EXECUTE right on sp_executesql.
As a temporary workaround, I've been granting EXECUTE rights to sp_executesql on an as-needed basis (through a role in the master database). But this is beginning to be a maintenance pain.
If I grant EXECUTE back to public, are there any repercussions I need to be aware of?
Solution
None.
sp_executesql executes SQL under exactly the same context and privileges as the original caller would execute the same SQL. There are many, many cases when dynamic SQL is unavoidable.
Context
StackExchange Database Administrators Q#16101, answer score: 8
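The behaviour the answer describes can be checked on a test instance with the T-SQL below. It is an added example, not part of the original question or answer, and it goes one step further by running the same query through a stored procedure. It assumes a sysadmin session; SpExecDemo, demo_user, dbo.Secret and both procedure names are constructed for the demonstration.

```sql
-- Added example. SpExecDemo, demo_user, dbo.Secret and both procedures are constructed names.
USE master;
GO
-- Who holds EXECUTE on sp_executesql right now?
SELECT pr.name AS grantee, dp.state_desc, dp.permission_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS pr
  ON pr.principal_id = dp.grantee_principal_id
WHERE dp.class = 1
  AND dp.major_id = OBJECT_ID(N'sys.sp_executesql');
GO
-- Restore the default grant discussed in the question.
GRANT EXECUTE ON sys.sp_executesql TO public;
GO
CREATE DATABASE SpExecDemo;
GO
USE SpExecDemo;
GO
CREATE TABLE dbo.Secret (id int PRIMARY KEY, val nvarchar(50));
INSERT INTO dbo.Secret (id, val) VALUES (1, N'constructed sample row');
CREATE USER demo_user WITHOUT LOGIN;  -- holds no permission on dbo.Secret
GO
CREATE PROCEDURE dbo.GetSecretStatic AS
    SELECT id, val FROM dbo.Secret;
GO
CREATE PROCEDURE dbo.GetSecretDynamic AS
    EXEC sys.sp_executesql N'SELECT id, val FROM dbo.Secret';
GO
GRANT EXECUTE ON dbo.GetSecretStatic TO demo_user;
GRANT EXECUTE ON dbo.GetSecretDynamic TO demo_user;
GO
EXECUTE AS USER = N'demo_user';
GO
-- Call 1: direct dynamic SQL. SELECT on dbo.Secret is checked against demo_user.
EXEC sys.sp_executesql N'SELECT id, val FROM dbo.Secret WHERE id = @id',
     N'@id int', @id = 1;
GO
-- Call 2: static SQL inside a dbo-owned procedure, covered by ownership chaining.
EXEC dbo.GetSecretStatic;
GO
-- Call 3: dynamic SQL inside the procedure. Ownership chaining does not extend to it.
EXEC dbo.GetSecretDynamic;
GO
REVERT;
GO
USE master;
GO
DROP DATABASE SpExecDemo;
GO
```

Calls 1 and 3 fail with a SELECT permission denied error on dbo.Secret, while call 2 returns the row: holding EXECUTE on sp_executesql gives demo_user no access beyond what the same statement would have when run directly.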