
Windows Authentication and Network Service account as a db_owner

There are a number of commercial products out there that give you Windows-based installers for configuring your app and the back-end SQL Server DB. Typically they will ask if you want to connect to the DB with Windows or SQL Server authentication. Most of them make a recommendation to use Windows Auth and then configure your DB with the Network Service account assigned to the db_owner database role. I understand that Windows Authentication is more secure because you don't have to store credentials in web.config and send them over the wire when authenticating to SQL Server, but is that a secure configuration for production environments, where the Network Service account is a db_owner? Any specific risks we should be aware of?


Thanks StingyJack,

I hear what you are saying. They would have to log in to the DB as a Network Service user first, though. Is there an easy way to do that?

What I am really trying to figure out is whether there are any inherent risks associated with the fact that it is the default Network Service account that is assigned the db_owner role.

tstojecki asked Nov 17 '08 15:11


1 Answer

Using NETWORK SERVICE as a db_owner is probably OK for a lot of environments.

If you want to have a higher degree of security, simply create a separate Windows Account, grant it the minimum access it needs in SQL Server, and then change the application to run under the context of this new account.

The specific risks would be:

  • One poorly written application run under the context of NETWORK SERVICE can allow unauthorized access to all the other data that NETWORK SERVICE has access to. You mitigate this risk by creating separate accounts for all applications.
  • db_owner is likely more access than the application really needs, which means more potential for abuse/exploitation if you are compromised. You can reduce this quite a bit by picking common sense privileges to grant. Take it too far and you will have diminishing returns and more support headaches, though.
Bryan Batchelder answered Oct 20 '22 00:10
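The separate-account, minimum-access setup recommended in the answer, sketched in T-SQL as an added example (not code from the answer or from any product's installer). The database `AppDb`, the Windows account `CONTOSO\svc-app`, the schema `app`, and the role `app_runtime` are hypothetical names, and the NETWORK SERVICE database user is assumed to be named `NT AUTHORITY\NETWORK SERVICE`.

```sql
-- Added example. AppDb, CONTOSO\svc-app, schema app and role app_runtime
-- are hypothetical names; substitute your own.
-- ALTER ROLE ... ADD/DROP MEMBER needs SQL Server 2012 or later;
-- on older versions use sp_addrolemember / sp_droprolemember.

USE AppDb;
GO

-- 1. Audit: list every principal that currently holds db_owner here.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner';
GO

-- 2. Create a login for the dedicated Windows account the app will run as,
--    and map it to a user in the application database.
USE master;
GO
CREATE LOGIN [CONTOSO\svc-app] FROM WINDOWS;
GO
USE AppDb;
GO
CREATE USER [CONTOSO\svc-app] FOR LOGIN [CONTOSO\svc-app];
GO

-- 3. Grant only what the application needs, through a custom role:
--    data access and procedure execution on its own schema, nothing else.
CREATE ROLE app_runtime;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::app TO app_runtime;
GRANT EXECUTE ON SCHEMA::app TO app_runtime;
ALTER ROLE app_runtime ADD MEMBER [CONTOSO\svc-app];
GO

-- 4. Once the application runs under the new account, take the shared
--    NETWORK SERVICE principal out of db_owner (user name is an assumption;
--    use the member_name returned by the audit query in step 1).
ALTER ROLE db_owner DROP MEMBER [NT AUTHORITY\NETWORK SERVICE];
GO
```

Rerun the step 1 query afterwards to confirm that no shared service account remains in db_owner.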