Re: Inexplicable security lapse?
From: Richard Buchsbaum (rb539@columbia.edu)
Date: 07/26/02
- Next message: Rino D'Errico: "Re: Migrating from NT to Win2k in native mode"
- Previous message: Dan Guzman: "Re: Block Admin access to my data"
- In reply to: Jasper Smith: "Re: Inexplicable security lapse?"
- Next in thread: Sue Hoegemeier: "Re: Inexplicable security lapse?"
- Reply: Sue Hoegemeier: "Re: Inexplicable security lapse?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Richard Buchsbaum" <rb539@columbia.edu> Date: Fri, 26 Jul 2002 09:15:09 -0400
Jasper:
No, the ODBC DNS is specifically set up to use SQL Server authentication.
The machine in question does log on, as an administrator and with integrated
(NT) security, to another SQL Server (different server and different domain
than the SQL Server I'm talking about).
Any possibility that the permissions for the two SQL servers are interfering
with each other? There is no trust set up between the two domains that I
know of...
Anyway, this seems (is!) a terrible breach of security, which I MUST close
up. Help, please!
Thanks,
Richard
"Jasper Smith" <jasper_smith9@hotmail.com> wrote in message
news:OcJbGcBNCHA.2688@tkmsftngp11...
> The PC that connects without prompting for a login and
> gives too much access is probably using NT Authentication
> Is that PC logged on as a user with access to SQL anyway ?
>
> HTH
> Jasper Smith
>
> "Richard Buchsbaum" <rb539@columbia.edu> wrote in message
> news:#nrl3HANCHA.1584@tkmsftngp12...
> > Hi:
> >
> > In a SQL Server 2000, I have created a standard (SQL Server) login and
> > corresponding user. The user is a member of only the public role on only
> one
> > database. I have individually granted this user Select permission on a
> > single view. That's it - nothing else.
> >
> > When I create an ODBC User DSN using this login, and try to access the
> data
> > (linking tables to an Access 2002 .mdb file), I get different results on
> > different: One computer seems to work properly, allowing read-only
access
> to
> > the view (along with access to the dtproperties, syscontraints, and
> > syssegments tables). But trying this on another computer allows read and
> > write access to every table and view in the database!
> >
> > Help! I need to implement strict security for this database, especially
on
> > the offending computer. Any guidance would be appreciated.
> >
> > (One interesting point - when linking through Access, the machine with
the
> > proper permissions prompts me for the login's password, while the
machine
> > with the "breach" does not. Hmmm...)
> >
> > Thanks in advance,
> >
> > Richard
> >
> >
>
>
- Next message: Rino D'Errico: "Re: Migrating from NT to Win2k in native mode"
- Previous message: Dan Guzman: "Re: Block Admin access to my data"
- In reply to: Jasper Smith: "Re: Inexplicable security lapse?"
- Next in thread: Sue Hoegemeier: "Re: Inexplicable security lapse?"
- Reply: Sue Hoegemeier: "Re: Inexplicable security lapse?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
