Sdílet prostřednictvím


Threat and Vulnerability Mitigation (Integration Services)

Although Integration Services includes a variety of security mechanisms, packages and the files that packages create or use could be exploited for malicious purposes.

The following table describes these risks and the proactive steps that you can take to lessen the risks.

Threat or vulnerability

Definition

Mitigation

Package source

The source of a package is the individual or organization that created the package. Running a package from an unknown or untrusted source might be risky.

Identify the source of a package by using a digital signature, and run packages that come from only known, trusted sources. For more information, see Using Digital Signatures with Packages.

Package contents

Package contents include the elements in the package and their properties. The properties can contain sensitive data such as a password or a connection string. Package elements such as an SQL statement can reveal the structure of your database.

Control access to a package and to the contents by doing the following steps:

  • To control access to the package itself, apply SQL Server security features to packages that are saved to the msdb database in an instance of SQL Server. To packages that are saved in the file system, apply file system security features, such as access controls lists (ACLs).

  • To control access to the package's contents, set the protection level of the package.

For more information, see Security Overview (Integration Services) and Setting the Protection Level of Packages.

Package output

When you configure a package to use configurations, checkpoints, and logging, the package stores this information outside the package. The information that is stored outside the package might contain sensitive data.

To protect configurations and logs that the package saves to SQL Server database tables, use SQL Server security features.

To control access to files, use the access control lists (ACLs) available in the file system.

For more information, see Controlling Access to Files Used by Packages

Integration Services icon (small) Stay Up to Date with Integration Services

For the latest downloads, articles, samples, and videos from Microsoft, as well as selected solutions from the community, visit the Integration Services page on MSDN or TechNet:

For automatic notification of these updates, subscribe to the RSS feeds available on the page.