Cross-database access. Part 3 – the first attempt to use code signing

In previous parts of the series we examined two insecure “solutions”. Even if we were able to get cross-database access, the first one (you can read about it here: Cross-database access. Part 1 – the worst nightmare or why applications should not use sa login) requires sysadmin privilege, the second one (described here: Cross-database access. [...]

Cross-database access. Part 2 – trustworthy databases and dbo as an authenticator

In the previous part “Cross-database access. Part 1 – the worst nightmare or why applications should not use sa login” we saw what happens if an application uses sa login. Now, we are going to discuss a better and more secure, but still not the best, solution. Can a dbo access resources from another database? [...]

Cross-database access. Part 1 – the worst nightmare or why applications should not use sa login

In this series I am going to show you three different ways of enabling cross-database access, starting with the worst, but for whatever reason, still common “solution”. The second one will be better, but still not very secure. Finally, we will see how cryptography can ultimately solve this problem.   Remember, login sa is mapped [...]