Windows Authentication and Network Service Account as db_owner

There are a number of commercial products whose Windows-based installers let you customize your application and SQL Server database. The installer usually asks whether you want to connect to the database using Windows or SQL Server authentication. Most of them recommend using Windows Auth and then setting up your database with the Network Service account assigned to the db_owner database role. I understand that Windows authentication is more secure because you do not need to store credentials in web.config and send them over the network when authenticating to SQL Server, but is this a safe configuration for production environments where the Network Service account is db_owner? Any specific risks we should be aware of?


Thanks StingyJack,

I heard what you say: they first need to log into the database as a user of the network service. Is there an easy way to do this?

I am really trying to find out if there are any inherent risks associated with the fact that this is the default network security service account that is assigned the db_owner role.

+5
3 answers

Using NETWORK SERVICE as db_owner is probably suitable for many environments.

, Windows, , SQL Server, .

:

  • , NETWORK SERVICE, , NETWORK. , .
  • db_owner, , , , /, . , . , , .
+3

, ( ) , dbo . DROP TABLE, SELECT * FROM PASSWORDS ..

SQL Injection , Windows Auth dbo, , .

, () , .

, x a b c, y c. .

+1

(domain\machine $) ( , , , - lact haxor), -.

, ( " " ).

- SQL-. , db.

An additional risk of having db_owner is DROP TABLE, even DROP DATABASE attacks. Without db_owner, this is still dangerous, for example, "SELECT * FROM usertable WHERE 1 = 1".

Unfortunately, with commercial or third-party applications you have no choice about the use of stored procedures, least privilege, etc.

You may be able to reduce privileges after installation.

+1
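
One way to carry out the privilege reduction suggested in the last answer, as an added example (not part of the original answers or any vendor's script). The database name `AppDb`, the role name `app_runtime`, and the assumption that the installer created the database user as `NT AUTHORITY\NETWORK SERVICE` are hypothetical; `ALTER ROLE ... ADD/DROP MEMBER` requires SQL Server 2012 or later.

```sql
-- Added example: replace db_owner with a least-privilege role for the
-- Network Service account. AppDb and app_runtime are hypothetical names.
USE [AppDb];
GO

-- 1. Audit: who is currently a member of db_owner in this database?
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals  AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals  AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'db_owner';
GO

-- 2. Create a runtime role limited to data access and procedure execution
--    on the dbo schema. No ALTER, DROP or CONTROL rights are granted, so
--    DROP TABLE / DROP DATABASE are no longer available to the account.
CREATE ROLE app_runtime;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_runtime;
GRANT EXECUTE ON SCHEMA::dbo TO app_runtime;
GO

-- 3. Move the account into the new role, then take it out of db_owner.
--    Assumes the database user is named after the Windows account.
ALTER ROLE app_runtime ADD MEMBER [NT AUTHORITY\NETWORK SERVICE];
ALTER ROLE db_owner   DROP MEMBER [NT AUTHORITY\NETWORK SERVICE];
GO

-- 4. Verify: is_db_owner should be 0 and is_app_runtime should be 1.
SELECT IS_ROLEMEMBER(N'db_owner',    N'NT AUTHORITY\NETWORK SERVICE') AS is_db_owner,
       IS_ROLEMEMBER(N'app_runtime', N'NT AUTHORITY\NETWORK SERVICE') AS is_app_runtime;
GO

-- 5. Review what the role can actually do after the change.
SELECT pr.name AS principal_name,
       pe.permission_name,
       pe.state_desc,
       pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'app_runtime';
GO
```

Exercise the application fully after the change: any upgrade or maintenance routine in the product that issues DDL will fail under this role. The role still permits reading and deleting every row in the dbo schema, so it narrows the impact of an injection flaw without removing it.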