Threat and Vulnerability Mitigation (Integration Services)
Although Integration Services includes a variety of security mechanisms, packages and the files that packages create or use could be exploited for malicious purposes.
The following table describes these risks and the proactive steps that you can take to lessen the risks.
Threat or vulnerability
The source of a package is the individual or organization that created the package. Running a package from an unknown or untrusted source might be risky.
Identify the source of a package by using a digital signature, and run packages that come from only known, trusted sources. For more information, see Identify the Source of Packages with Digital Signatures.
Package contents include the elements in the package and their properties. The properties can contain sensitive data such as a password or a connection string. Package elements such as an SQL statement can reveal the structure of your database.
Control access to a package and to the contents by doing the following steps:
When you configure a package to use configurations, checkpoints, and logging, the package stores this information outside the package. The information that is stored outside the package might contain sensitive data.
To protect configurations and logs that the package saves to SQL Server database tables, use SQL Server security features.
To control access to files, use the access control lists (ACLs) available in the file system.
For more information, see Access to Files Used by Packages