SQL Server instance with 'contained database authentication' flag enabled

Authentication

SQL Server instance with ‘contained database authentication’ flag enabled

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
GCP CIS
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Contained databases have some unique threats that should be understood and mitigated by SQL Server Database Engine administrators. Most of the threats are related to the USER WITH PASSWORD authentication process, which moves the authentication boundary from the Database Engine level to the database level, hence this is recommended to disable this flag.

Recommended Mitigation

Add the following database flag: 'contained database authentication=off'.

SQL Server instance with ‘contained database authentication’ flag enabled

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS