Usage of SP_OACreate, SP_OAMethod etc.. is a security risk?

I am told that usage of SP_OACreate , SP_OAMethod in SQL Server 2000 is of a security risk.

I am using Strong Name in the assembly and is stored in GAC on the SQL Server Machine.

What are 开发者_开发技巧the security implications/compromise ?

These extended stored procedures allow one to instantiate an OLE ("ActiveX") object from inside SQL Server. A typical use case creating an MSXML object and having it send some database data as an HTTP POST.

In my mind, there are two issues with the sp_OACreate etc procedures:

• Only principals in the sysadmin role can execute these by default. Granting and testing these permissions is a pain. (You have to add the user to the Master database and grant them permissions in that database.)

• The permission granted is very broad. You can't just say "ok user, you have the right to create this kind of object and do xyz with it." Instead you say "ok user, you have the right to create any OLE object you want and do anything you want." That is a pretty broad canvas.

Not sure what your attempting but for SQL 2000 you should read Using extended stored procedures or SP_OA stored procedures to load CLR in SQL Server is not supported.

The risk is that you must grant EXECUTE permission on SP_OACreate to the user. This means that if they subsequently found a way to execute arbitrary SQL they could create instances of any library available on the server. Another issue is that SP_OACreate loads the library in-process, so if it bombs, so does your server.