Potential risks of users connecting to SQL Server, through Excel, as sysadmin?
Problem
I recently discovered that a large swath of the finance department is using Excel to connect to my SQL Server 2000 instance with an account in the sysadmin role. What are my current risks that I should immediately communicate to the powers that be?
Solution
Pretty much everything.
I'd start with their potential ability to use xp_cmdshell (and sp_configure if they can't, so then they can ... and whatever the account returned by xp_cmdshell 'whoami.exe' can do....), then move onto their ability to do drop database.
Further risks include not just finance users being able to do these things, but any program on a finance machine gaining access to your sysadmin connection credentials...
(Other potential risks include the risk of discovering that one of TPTB set it up this way)
Context
StackExchange Database Administrators Q#25425, answer score: 9
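To size the exposure the answer describes before reporting it, the following T-SQL audit is an added example, not part of the original question or answer. It assumes a SQL Server 2000 instance, a session that is itself sysadmin (for example in Query Analyzer), and the usual convention that spids of 50 and below are system processes.

```sql
-- Added example: read-only audit of sysadmin exposure on SQL Server 2000.

-- 1. Every login that is a member of the sysadmin fixed server role.
EXEC master.dbo.sp_helpsrvrolemember 'sysadmin';

-- 2. Current connections running under a sysadmin login, grouped by
--    workstation and client program, so the number of finance machines
--    holding the credentials can be counted. program_name is whatever the
--    client driver reports, so review the values rather than filtering on
--    an assumed Excel string.
SELECT  RTRIM(p.loginame)     AS login_name,
        RTRIM(p.hostname)     AS workstation,
        RTRIM(p.program_name) AS client_program,
        COUNT(*)              AS connections,
        MIN(p.login_time)     AS earliest_login
FROM    master.dbo.sysprocesses AS p
WHERE   p.spid > 50   -- assumption: spids <= 50 are system processes
  AND   IS_SRVROLEMEMBER('sysadmin', RTRIM(p.loginame)) = 1
GROUP BY RTRIM(p.loginame), RTRIM(p.hostname), RTRIM(p.program_name)
ORDER BY connections DESC;

-- 3. Explicit EXECUTE grants on xp_cmdshell to non-sysadmin principals.
--    sysadmin members can always run it, so this only shows extra grants;
--    sp_helprotect raises an error when there are no rows to report.
USE master;
EXEC sp_helprotect @name = 'xp_cmdshell';
```

The workstation list from step 2 is a point-in-time view of open connections, so run it during business hours or on a schedule to catch machines that connect only occasionally.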