RE: Hiding MS SQL databases in Enterprise Manager
tgm_at_elt.com
Date: 11/18/03
- Previous message: Mason, Samuel: "RE: MS03-049 Scanner?"
- Maybe in reply to: Chris Ess: "Hiding MS SQL databases in Enterprise Manager"
- Next in thread: Chris Ess: "RE: Hiding MS SQL databases in Enterprise Manager"
- Reply: Chris Ess: "RE: Hiding MS SQL databases in Enterprise Manager"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: securityfocus@cae.tokimi.net, focus-ms@securityfocus.com Date: Tue, 18 Nov 2003 08:56:15 -0600
If they are using Enterprise Manager to access the databases I don't think
you can stop that. From what I understand, Enterprise Manager uses the SA
login, not a user login. So anyone using it will have complete access and
control unless the database owner is not DBO. You could set the database
permissions so that certain roles can do what they need to do and other
roles can not do anything at all. They may still be able to see the tables,
but not what is in them. This would work with ODBC and other data access
methods.
You should be able to set Enterprise Manager so that only users with
administrator rights could run it.
Terry Meritt
MIS DEV
ELT Inc.
-----Original Message-----
From: Chris Ess [mailto:securityfocus@cae.tokimi.net]
Sent: Monday, November 17, 2003 9:22 AM
To: focus-ms@securityfocus.com
Subject: Hiding MS SQL databases in Enterprise Manager
I figure there has to be a way to do this. Unfortunately, I've been
unable to turn up anything on google, so...
When I create a database in the Microsoft SQL Server, it shows up under
'Databases' in Enterprise Manager for any user who logs in, whether or not
they have permissions to access it. Since this could potentially be a
security issue, I would like to set it up so that users can only see
databases for which they've been assigned a role.
The SQL server uses mixed-mode authentication and cannot be changed.
The server in question is currently Microsoft SQL Server 7, but any advice
or pointers for Microsoft SQL Server 2000 would be appreciated as well.
Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
---------------------------------------------------------------------------
- Previous message: Mason, Samuel: "RE: MS03-049 Scanner?"
- Maybe in reply to: Chris Ess: "Hiding MS SQL databases in Enterprise Manager"
- Next in thread: Chris Ess: "RE: Hiding MS SQL databases in Enterprise Manager"
- Reply: Chris Ess: "RE: Hiding MS SQL databases in Enterprise Manager"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
