Re: Inexplicable security lapse?
From: Sue Hoegemeier (Sue_H@nomail.please)
Date: 07/26/02
From: Sue Hoegemeier <Sue_H@nomail.please> Date: Fri, 26 Jul 2002 14:51:19 -0600
Glad it's resolved Richard - thanks for posting back.
-Sue
On Fri, 26 Jul 2002 15:55:18 -0400, "Richard Buchsbaum"
<rb539@columbia.edu> wrote:
>Aha! That did it.
>
>The machine kept a share-folder password I had typed in, and then defaulted
>to integrated security as you suggested in your previous message. Restarting
>and clearing the network places did the trick.
>
>Thanks.
>
>"Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
>news:bf13ku0g1fjkusldoncaimkdvm3oq59rfp@4ax.com...
>> If logins are being audited, you can check what login the
>> user is connecting with. If logins are not being audited,
>> you can turn this on - it's good practice to enable this
>> anyway.
>>
>> -Sue
>>
>> On Fri, 26 Jul 2002 12:49:22 -0400, "Richard Buchsbaum"
>> <rb539@columbia.edu> wrote:
>>
>> >I'll check it out - except that, as far as I know, the two domains in
>> >question share no user accounts - in other words, the integrated should
>> >not work.
>> >
>> >Any other insights would be appreciated.
>> >
>> >"Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
>> >news:cin2kukah4c63qos6t3t3hscfadbirag8b@4ax.com...
>> >> I would still guess that Jasper is correct. You could be
>> >> hitting an MDAC bug where the authentication mode setting is
>> >> ignored and windows authentication is always used. Refer to:
>> >> FIX: SQL Server ODBC Driver Ignores Authentication Setting
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q279526
>> >>
>> >> -Sue
>> >>
>> >> On Fri, 26 Jul 2002 09:15:09 -0400, "Richard Buchsbaum"
>> >> <rb539@columbia.edu> wrote:
>> >>
>> >> >Jasper:
>> >> >
>> >> >No, the ODBC DSN is specifically set up to use SQL Server authentication.
>> >> >The machine in question does log on, as an administrator and with
>> >> >integrated (NT) security, to another SQL Server (different server and
>> >> >different domain than the SQL Server I'm talking about).
>> >> >
>> >> >Any possibility that the permissions for the two SQL servers are
>> >> >interfering with each other? There is no trust set up between the two
>> >> >domains that I know of...
>> >> >
>> >> >Anyway, this seems (is!) a terrible breach of security, which I MUST
>> >> >close up. Help, please!
>> >> >
>> >> >Thanks,
>> >> >
>> >> >Richard
>> >> >
>> >> >"Jasper Smith" <jasper_smith9@hotmail.com> wrote in message
>> >> >news:OcJbGcBNCHA.2688@tkmsftngp11...
>> >> >> The PC that connects without prompting for a login and
>> >> >> gives too much access is probably using NT Authentication.
>> >> >> Is that PC logged on as a user with access to SQL anyway?
>> >> >>
>> >> >> HTH
>> >> >> Jasper Smith
>> >> >>
>> >> >> "Richard Buchsbaum" <rb539@columbia.edu> wrote in message
>> >> >> news:#nrl3HANCHA.1584@tkmsftngp12...
>> >> >> > Hi:
>> >> >> >
>> >> >> > In a SQL Server 2000, I have created a standard (SQL Server) login
>> >> >> > and corresponding user. The user is a member of only the public role
>> >> >> > on only one database. I have individually granted this user Select
>> >> >> > permission on a single view. That's it - nothing else.
>> >> >> >
>> >> >> > When I create an ODBC User DSN using this login, and try to access
>> >> >> > the data (linking tables to an Access 2002 .mdb file), I get different
>> >> >> > results on different computers: One computer seems to work properly,
>> >> >> > allowing read-only access to the view (along with access to the
>> >> >> > dtproperties, sysconstraints, and syssegments tables). But trying this
>> >> >> > on another computer allows read and write access to every table and
>> >> >> > view in the database!
>> >> >> >
>> >> >> > Help! I need to implement strict security for this database,
>> >> >> > especially on the offending computer. Any guidance would be appreciated.
>> >> >> >
>> >> >> > (One interesting point - when linking through Access, the machine
>> >> >> > with the proper permissions prompts me for the login's password, while
>> >> >> > the machine with the "breach" does not. Hmmm...)
>> >> >> >
>> >> >> > Thanks in advance,
>> >> >> >
>> >> >> > Richard
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >>
>> >
>>
>
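
An added example, not part of the original thread: T-SQL that can be run over the same connection the DSN uses (for instance an Access pass-through query) to see which login the session really authenticated as and what it can touch, which is the check Sue's auditing suggestion points at. It assumes the connection can run ad hoc queries; the backslash test for a Windows login is a heuristic.

```sql
-- Added example (not from the thread). Run over the SAME connection the
-- linked tables use, so the answers describe that session and not yours.

-- 1. Who did the server authenticate this session as?
--    A sysadmin maps to 'dbo' in every database, which would explain
--    read/write access to all tables despite a restricted SQL login.
SELECT
    SUSER_SNAME()                AS server_login,
    USER_NAME()                  AS database_user,
    CASE WHEN CHARINDEX('\', SUSER_SNAME()) > 0
         THEN 'Windows (integrated)'   -- heuristic: DOMAIN\user form
         ELSE 'SQL Server (standard)'
    END                          AS auth_mode_guess,
    IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin,
    IS_MEMBER('db_owner')        AS is_db_owner

-- 2. What the server recorded for this session (client host and program).
SELECT spid, loginame, nt_domain, nt_username, hostname, program_name
FROM master..sysprocesses
WHERE spid = @@SPID

-- 3. Effective rights in the current database. For the restricted login
--    described in the thread, the granted view should be the only user
--    object with select_all set, and no row should show write access.
--    PERMISSIONS() bits: 1 SELECT ALL, 2 UPDATE ALL, 8 INSERT, 16 DELETE,
--    4096 SELECT ANY column, 8192 UPDATE ANY column.
SELECT name,
       type,                              -- U = table, V = view
       PERMISSIONS(id) & 1  AS select_all,
       PERMISSIONS(id) & 2  AS update_all,
       PERMISSIONS(id) & 8  AS can_insert,
       PERMISSIONS(id) & 16 AS can_delete
FROM sysobjects
WHERE type IN ('U', 'V')
  AND PERMISSIONS(id) & (1 | 2 | 8 | 16 | 4096 | 8192) <> 0
ORDER BY name
```

If the first query returns a DOMAIN\user name or is_sysadmin = 1 on a DSN configured for the standard login, the connection is not using the credentials the DSN specifies.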