How do I avoid a security exposure using XP_SendMail

70 pts.
Tags:
SQL Server security
SQL Server stored procedures
XP_Sendmail
I'm using XP_Sendmail in a trigger on my database. In order to run the trigger, I have to give database access to the "guest" user. I'm concerned about security. I've tried a Stored Proc called SP_Sendmail that calls XP_Sendmail, but I still have to grant db access to the "guest". Any help here would be appreciated. Thanks, Arlin
ASKED: February 9, 2009  4:37 PM
UPDATED: February 17, 2009  11:30 PM

Answer Wiki


Create a ‘service account’ in SQL that has just the rights and permissions necessary to execute the ‘XP_SendMail’ Stored Procedure. This will satisfy your security requirements of not granting access to the guest account.

Discuss This Question: 3  Replies

  • Denny Cherry
    Can you provide more information about what you are trying to do with the xp_sendmail? I assume because you are using xp_sendmail you are using SQL 2000? By granting the guest account access to the database, you will be granting anyone who accesses your SQL Server access to whatever rights the roles you have assigned the guest account (public by default, but you may have granted other roles). In other words, you have set yourself up with a security problem. What roles did you grant the guest account? What rights have you granted the public role by default? Is there any reason that the email must be sent when the trigger runs, and couldn't be sent later on via a scheduled job?
  • Denny Cherry
    Johro, Not when the xp_sendmail is being called via a trigger.
  • Arlin
    I've been away and just now catching up on the thread. I'll try the "service account" approach tomorrow. Thanks, Arlin
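
The thread raises two options: a service account limited to xp_sendmail, and sending the mail later from a scheduled job instead of inside the trigger. One way to combine them on SQL Server 2000 is sketched below as an added example that is not code from any participant in the thread. The names AppDb, dbo.Orders(OrderId), MailQueue, usp_SendQueuedMail, svc_mail and the recipient address are assumptions, and the SQL Server Agent job that calls the procedure is assumed to be owned by svc_mail.

```sql
-- Added example; AppDb, dbo.Orders(OrderId), MailQueue and svc_mail are hypothetical.
USE AppDb
GO
CREATE TABLE dbo.MailQueue (
    MailId     INT IDENTITY(1,1) PRIMARY KEY,
    Recipients VARCHAR(255)  NOT NULL,
    Subject    VARCHAR(255)  NOT NULL,
    Body       VARCHAR(4000) NOT NULL,
    SentAt     DATETIME      NULL
)
GO
-- The trigger only queues the message. It and the table share the dbo owner,
-- so callers need no rights on MailQueue and never execute xp_sendmail.
CREATE TRIGGER dbo.trg_Orders_QueueMail ON dbo.Orders AFTER INSERT
AS
    SET NOCOUNT ON
    INSERT INTO dbo.MailQueue (Recipients, Subject, Body)
    SELECT 'dba@example.com', 'New order',
           'Order ' + CAST(i.OrderId AS VARCHAR(12)) + ' inserted'
    FROM inserted i
GO
-- Run from a scheduled SQL Server Agent job; sends whatever is still unsent.
CREATE PROCEDURE dbo.usp_SendQueuedMail
AS
    SET NOCOUNT ON
    DECLARE @id INT, @to VARCHAR(255), @subj VARCHAR(255), @body VARCHAR(4000), @rc INT
    SELECT @id = MIN(MailId) FROM dbo.MailQueue WHERE SentAt IS NULL
    WHILE @id IS NOT NULL
    BEGIN
        SELECT @to = Recipients, @subj = Subject, @body = Body
        FROM dbo.MailQueue WHERE MailId = @id
        EXEC @rc = master.dbo.xp_sendmail
             @recipients = @to, @subject = @subj, @message = @body
        IF @rc = 0  -- 0 = success; failures stay queued for the next run
            UPDATE dbo.MailQueue SET SentAt = GETDATE() WHERE MailId = @id
        SELECT @id = MIN(MailId) FROM dbo.MailQueue
        WHERE SentAt IS NULL AND MailId > @id
    END
GO
-- Only the service account may run the sender (password is a placeholder).
EXEC sp_addlogin 'svc_mail', '<placeholder-password>', 'AppDb'
EXEC sp_grantdbaccess 'svc_mail'
GRANT EXECUTE ON dbo.usp_SendQueuedMail TO svc_mail
GO
USE master
GO
EXEC sp_grantdbaccess 'svc_mail'
GRANT EXECUTE ON dbo.xp_sendmail TO svc_mail
GO
```

With this layout the only principal holding EXECUTE on xp_sendmail is svc_mail, and the permissions of the users who fire the trigger do not have to change.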