LOGON TRIGGER failures disclose excess information - by ktegels2

Status : 

  By Design<br /><br />
		The product team believes this item works according to its intended design.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 237008 Comments
Status Closed Workarounds
Type Bug Repros 1
Opened 11/9/2006 2:28:02 PM
Access Restriction Public


**NOTE: Build is 3047***

When a logon trigger rolls back, the message to user discloses that a trigger caused the logon to be cancelled in some cases. Additionally, SSMS discloses the name of database (master) that it doesn't need to.

If a logon trigger is used for security reasons, these disclosures provide information that would be useful in staging follow-on attacks against the system. Such disclosures should be removed.
Sign in to post a comment.
Posted by Jose Mathew on 9/8/2008 at 9:47 AM
Echoing the same with others who already commented.
It would be much much better if this display the error message raised using RAISEERROR.
(Let it show the default current message if not specified)

Also emailing should be there for very critical database access attempts.

Please have this in a hotfix at the earliest conveniece if its not making a big DEV , TEST impact.

Posted by Sm00ches on 5/14/2008 at 2:32 PM
I'd also like to be able to create custom alerts when the trigger runs!!
Posted by Cristian Lefter on 9/22/2007 at 4:08 AM
Logon Triggers cannot display messages by design. Any output of PRINT or RAISERROR goes to SQL Server log.
Posted by Microsoft on 11/10/2006 at 11:17 AM

The new error exposed (Msg 17892: Logon failed for login <login> due to trigger execution) is by design. We want to distinguish login failure due to trigger execution vs other login failure (such as wrong password) to help with DBA debugging, without revealing any additional information about the trigger content for security purposes.

Tomer Verona
SQL Server Development
Posted by Razvan Socol on 11/10/2006 at 7:37 AM
The error number (17892) already indicates that it failed due to trigger execution (the normal error number is 18456). I'd say that it's better to display the error message raised using RAISERROR. The message should show whatever the creator of the trigger wants.