Indexed view tampering in SQL Server backups can expose cross-database data after restore. In this article, you’ll learn how restore-boundary attacks work – and how to defend against them.
In my previous article, I showed how SQL Server’s own internal mechanisms could be used as a data exfiltration channel when a tampered backup crossed the restore boundary. This time, I want to explore a different variation of the same broader problem.
This article describes a restore-boundary weakness involving indexed views. An attacker prepares a database backup on an attacker-controlled instance, tampers with the persisted definition of an indexed view, and