5

I have another database Ydb accessing data in database Kdb. They both have the same owner.
In order to allow cross database chaining, it seems I need the guest user to be enabled in Kdb.

I did so like this:

USE [master];
GO
ALTER DATABASE Ydb SET DB_CHAINING ON;
ALTER DATABASE Kdb SET DB_CHAINING ON;
GO
USE [Kdb]
GO
GRANT CONNECT TO guest;

I realize this means stored procedures in Ydb created by Ydb's owner may freely access objects in Kdb when created by the same login. What kinds of attacks does this open up?

asked Jul 20, 2012 at 18:13

1 Answer 1

3

It does not open up directly to an "attack". It just means that any user from Database 1 (Kdb) can also access database 2 (Ydb). What's usually more critical is, when you have users with DDL-Permissions (create views, procedures) - they will also be able to access objects in database2. Maybe even more, than plain guests can. That depends on the object owners and permissions you are planning to grant to guest(s).

Under SQL Server before 2012, there was one little security hole, described here: Security-issue: guest-guest impersonation, but this is a very limited scenario

answered Oct 26, 2013 at 12:49

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.