的用户有权限通过sql mail使用sql server的文件吗?sql mail和 sql代理帐号一样运行在相同安全条件下。默认情况下,sql代理运行在本地系统帐号下。如果用户能存取sql server数据库里的系统扩展存储过程xp_sendmail,那么就会有安全漏洞了。
通过给系统扩展存储过程xp_sendmail附加参数,用户就可以获得存取服务器上的文件的权限。通过一个方法你就可以保护xp_sendmail:把它封装倒一个存储过程中去,使附加参数非public。许可受这个存储过程的保护,把许可从xp_sendmail中取消。
下面基本的工作模板,你用它就可以保护xp_sendmail:
use master
go
-- =============================================
-- create procedure basic template
-- =============================================
-- creating the store procedure
if exists (select name
from sysobjects
where name = n'sp_sendmail'
and type = 'p')
drop procedure sp_sendmail
go
create procedure sp_sendmail
@in_recipients varchar(8000) = '<default email address>'
,@in_message varchar(8000)= 'test'
,@in_query varchar(8000)= ''
,@in_copy_recipients varchar(8000)= null
,@in_blind_copy_recipients varchar(8000)= null
,@in_subject varchar(80)= 'test'
,@in_type varchar(80)= null
,@in_attach_results varchar(80)= null
,@in_no_output varchar(8)= null
,@in_no_header varchar(8)= null
,@in_width int = 10
,@in_separator varchar(8)= null
,@in_echo_error varchar(8000)= null
,@in_set_user varchar(256) = null
,@in_dbuse varchar(256) = null
as
declare @attachments varchar(8000)
set @in_recipients = '<default dba email address>;' + @in_recipients
exec master..xp_sendmail
@recipients = @in_recipients
,@message = @in_message
,@query = @in_query
,@attachments = ' '
,@copy_recipients = @in_copy_recipients
,@blind_copy_recipients = @in_blind_copy_recipients
,@subject = @in_subject
,@type = @in_type
,@attach_results = @in_attach_results
,@no_output = @in_no_output
,@no_header = @in_no_header
,@width = @in_width
,@separator = @in_separator
,@echo_error = @in_echo_error
,@set_user = @in_set_user
,@dbuse = @in_dbuse
go
-- example to execute the store procedure
execute sp_sendmail
go
-- example to grant permissions to the store procedure
grant execute on sp_sendmail to public
go
revoke execute on xp_sendmail to public
go
新闻热点
疑难解答
