Skip to content

Disable User Options Server Configuration

Description

Microsoft SQL Server is capable of providing a wide range of features and services. Some of the features and services provided by default may not be necessary and enabling them could adversely affect the security of the system. The 'user options' setting specifies global defaults for all users. A list of default query processing options is established for the duration of a user's work session. The 'user options' allows you to change the default values of the SET options (if the server's default settings are not appropriate). This rule checks that 'user options' feature is disabled.

Rationale

Changing system wide user options may add unneeded attack surface.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'user options' is set to 0
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'user options', "0")

    return {
        success,
    }
}

validate(databaseSettings)