Skip to content

Disable Trustworthy Database Property

Description

The TRUSTWORTHY database property is used to indicate whether the instance of SQL Server trusts the database and the contents within it. By default, this setting is OFF, but can be set to ON by using the ALTER DATABASE statement.

This property can be used to reduce certain threats that can exist as a result of attaching a database that contains one of the following objects:

Malicious assemblies with an EXTERNAL_ACCESS or UNSAFE permission setting. For more information, see CLR Integration Security.

Malicious modules that are defined to execute as high privileged users. For more information, see EXECUTE AS Clause (Transact-SQL).

Rationale

If a database has been detached from a server instance, it is possible that an attacker could have modified the file storing the database to add unsafe CLR assemblies. In the typical scenario, where the database has not been detached, having the Trustworthy Database property set to OFF will impede an attacker from adding unsafe CLR assemblies to the database.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { isEmptyArray } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'isTrustworthyOn' is set to 0
 */
function validate(databaseSettings) {
    success = isEmptyArray(databaseSettings.databases) ||
              isEmptyArray(databaseSettings.databases.filter(database =>
                  database.sqlserver.name !== "msdb" &&
                  database.sqlserver.isTrustworthyOn))

    return {
        success,
    }
}

validate(databaseSettings)