# SQL server defense

## Defending against relay attacks from public role abuse

A 7MinSec customer reported that revoking `EXECUTE` on the following stored procedures from the `public` role was an effective way to stop attackers from abusing them:

```
USE master;
GO

REVOKE EXECUTE ON OBJECT::dbo.xp_dirtree   FROM PUBLIC;
REVOKE EXECUTE ON OBJECT::dbo.xp_fileexist FROM PUBLIC;
REVOKE EXECUTE ON OBJECT::dbo.xp_cmdshell  FROM PUBLIC;
```
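
To check that the revoke took effect, the query below (an added example, not from the original page or the 7MinSec customer) lists the extended stored procedures in `master` on which `public` still has an `EXECUTE` permission entry. It goes a step beyond the three names above, so any other extended procedure still open to `public` shows up as well; the `note` column text is illustrative.

```sql
USE master;
GO

-- Extended stored procedures (type 'X') for which the public role
-- still has an EXECUTE permission row in master.
-- After a successful REVOKE, the procedure's row disappears from this result.
SELECT  o.name        AS procedure_name,
        pe.state_desc AS permission_state,  -- e.g. GRANT or DENY
        CASE
            WHEN o.name IN (N'xp_dirtree', N'xp_fileexist', N'xp_cmdshell')
                THEN 'targeted by the REVOKE statements; re-check if state is GRANT'
            ELSE 'not covered by the REVOKE statements'
        END           AS note
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr
        ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.all_objects          AS o
        ON o.object_id = pe.major_id
WHERE   pe.class = 1                      -- object-level permissions only
  AND   pe.permission_name = N'EXECUTE'
  AND   pr.name = N'public'
  AND   o.type = 'X'                      -- extended stored procedure
ORDER BY o.name;
```

Run it before and after the `REVOKE` statements to see which rows were removed.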

## Video demo
<div style="padding:75% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/1140869689?badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479" frameborder="0" allow="autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share" referrerpolicy="strict-origin-when-cross-origin" style="position:absolute;top:0;left:0;width:100%;height:100%;" title="Tuesday TOOLSday: SQL server defense 101"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>
