SHOWPLAN permission in SQL 2005 > Discussions

July 30, 2010 Login |

Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search

SQL Security Forums

Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.

Unanswered

Active Topics

Forums

Forums > Discussions > SQL Server Security

Subject: SHOWPLAN permission in SQL 2005

Prev Next

Add Reply

Author

Messages

John (guest)

06/08/2009 6:38 AM	Quote Reply Alert
Quoting from SQL Server 2008 Books Online - Users who have SHOWPLAN permission can view queries that are captured in Showplan output. These queries may contain sensitive information such as passwords. Which passwords are they referring to? Can it be a password from the owner of a SQL agent job that is using the sa account? Thanks in advance.

Chip Andrews
Posts:113

06/10/2009 5:58 PM	Quote Reply Alert
They are referring to input that may be placed in queries or passed to stored procedures. Of course - passwords are just an example. Other data could be social security numbers, account numbers, physical addresses, names, anything! Chip

Add Reply

Forums > Discussions > SQL Server Security > SHOWPLAN permission in SQL 2005

Quick Reply

Username:
Subject:
Body:

ActiveForums 3.6