Register Log in

Careful With Trustworthy Setting

Comments 0

Share to social media

Trustworthy database setting is an easy solution for some problems in the server, especially cross database access. However, this setting has also a security problem in some scenarios.

The scenario that has a security break is the following:

  1. One or more databases are owned by a user with ‘sysadmin’ rights. If the databases were created by a ‘sysadmin’ and the owner didn’t change after that this will happen
  2. Some logins that aren’t ‘sysadmin’ were included in ‘db_owner’ database role of some databases, but not all.
  3. The trustworthy setting is enabled for these databases, owned by ‘sysadmin’ and with one or more logins in ‘db_owner’ database role.

The security break: The users in ‘db_owner’ database role can include themselves in System Administrators server role and take control of the server.

Let’s see an example.

Unless you are completely sure this security break will not be a problem for your environment, you shouldn’t enable trustworthy. Instead enabling trustworthy you can use certificates to sign modules such as stored procedures and achieve the same result with more security.

Load comments

Recommended for you

About the author

Dennes Torres

See Profile

Dennes Torres is a Data Platform MVP and Software Architect living in Malta who loves SQL Server and software development and has more than 20 years of experience. Dennes can improve Data Platform Architectures and transform data in knowledge. He moved to Malta after more than 10 years leading devSQL PASS Chapter in Rio de Janeiro and now is a member of the leadership team of MMDPUG PASS Chapter in Malta organizing meetings, events, and webcasts about SQL Server. He is an MCT, MCSE in Data Platforms and BI, with more titles in software development. You can get in touch on his blog https://dennestorres.com or at his work https://dtowersoftware.com

Dennes's contributions
Dennes's latest contributions: