Breakthrough in SQL Server 2012 Security fixed by SQL Server 2014


Hi, we have a big bug in SQL Server 2012 security. In my personal view it is a breakthrough in SQL Server 2012 security: in SQL Server 2012 a user can IMPERSONATE another user, take that user's privileges, and do whatever he needs. What? Yes, what I am saying is a fact in SQL Server 2012, but it is fixed in SQL Server 2014. Let's go to the demo:

Open your SQL Server 2014 and open 2 sessions

First session: create a sysadmin user and a read user

1- Sysadmin user

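USE [master]
GO
-- Demo login: password policy and expiration checks are turned off
CREATE LOGIN [adminuser] WITH PASSWORD=N'admin', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
-- Make the login a member of the sysadmin fixed server role
ALTER SERVER ROLE [sysadmin] ADD MEMBER [adminuser]
GO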

2- Read user

USE [master]
GO
-- Login with no server role membership and no explicit grants
CREATE LOGIN [Readeruser] WITH PASSWORD=N'P@$$w0rd'
GO
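
An added audit example, not part of the original post: run from a sysadmin session, it lists which logins hold impersonation-related server permissions, who is in sysadmin, and whether [Readeruser] is allowed to impersonate [adminuser]. It assumes the two logins created above exist and uses only the standard catalog views and HAS_PERMS_BY_NAME.

```sql
USE [master];
GO

-- 1. Explicit IMPERSONATE grants on individual logins
--    (class 101 = SERVER_PRINCIPAL), plus server-level permissions
--    that also allow impersonating any login.
SELECT grantee.name        AS grantee_login,
       perm.state_desc     AS permission_state,
       perm.permission_name,
       target.name         AS impersonation_target  -- NULL for server-wide permissions
FROM sys.server_permissions AS perm
JOIN sys.server_principals AS grantee
    ON grantee.principal_id = perm.grantee_principal_id
LEFT JOIN sys.server_principals AS target
    ON perm.class = 101
   AND target.principal_id = perm.major_id
WHERE perm.permission_name IN
      (N'IMPERSONATE', N'IMPERSONATE ANY LOGIN', N'CONTROL SERVER')
ORDER BY grantee.name, perm.permission_name;
GO

-- 2. Current members of the sysadmin fixed server role.
SELECT member.name AS sysadmin_member, member.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS srv_role
    ON srv_role.principal_id = rm.role_principal_id
JOIN sys.server_principals AS member
    ON member.principal_id = rm.member_principal_id
WHERE srv_role.name = N'sysadmin'
ORDER BY member.name;
GO

-- 3. Effective permission check, evaluated as the low-privilege login.
--    1 = [Readeruser] may impersonate [adminuser], 0 = it may not.
EXECUTE AS LOGIN = N'Readeruser';
SELECT SUSER_SNAME() AS evaluated_as,
       HAS_PERMS_BY_NAME(N'adminuser', N'LOGIN', N'IMPERSONATE')
           AS can_impersonate_adminuser;
REVERT;
GO
```

Running the same script on a SQL Server 2012 instance and a SQL Server 2014 instance gives a side-by-side view of the permission state on each version.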
