Re: SQL Default Login?
From: Dan Guzman (danguzman@nospam-earthlink.net)
Date: 11/14/02
- Next message: Christine Glew: "PRB: Message 18456 from a Distributed Query"
- Previous message: Sue Hoegemeier: "Re: proxy account"
- In reply to: Audrey Lim: "Re: SQL Default Login?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dan Guzman" <danguzman@nospam-earthlink.net> Date: Thu, 14 Nov 2002 08:18:06 -0600
I don't see a security issue since the reported default login is not
used. A user needs a valid account (SQL Server login, or Windows
user/group) that has been granted access to SQL Server in order to
connect. Once connected, the user can access only those database they
have been explicitly granted access to plus those with the guest user.
-- Hope this helps. Dan Guzman SQL Server MVP ----------------------- SQL FAQ links (courtesy Neil Pike): http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800 http://www.sqlserverfaq.com http://www.mssqlserver.com/faq ----------------------- "Audrey Lim" <robwhitz@yahoo.com> wrote in message news:10b5501c28bb3$9bf49720$2ae2c90a@phx.gbl... > Hi, > > Would it pose a security concern if the default login is > guest? I mean having a guest user is as good as allowing > annoymous access. > > Regards, > Audrey > > >-----Original Message----- > >The guest database user provides logins with a security > context when > >they haven't been explicitly granted database access. > This is needed > >for master and tempdb so that you don't need to grant > every login access > >to these shared databases. > > > >You can ignore the default login reported by > xp_loginconfig. This is > >not related to the guest database user and is provided > only for > >backwards compatibility. > > > >-- > >Hope this helps. > > > >Dan Guzman > >SQL Server MVP > > > >----------------------- > >SQL FAQ links (courtesy Neil Pike): > > > >http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800 > >http://www.sqlserverfaq.com > >http://www.mssqlserver.com/faq > >----------------------- > > > >"Audrey Lim" <robwhitz@yahoo.com> wrote in message > >news:f90801c28b6b$4331e4a0$37ef2ecf@TKMSFTNGXA13... > >> I executed the stored procedure 'xp_loginconfig' in the > >> Master Database. It shows that the default login for > the > >> database is guest user. I understand that the guest > user > >> can be deleted and added to all databases except master > >> and tempdb, where it must always exist. > >> > >> A few questions:- > >> - What is the main purpose of guest in both master and > >> tempdb? > >> - Can I change the default login to another account in > >> both master database without revoking the guest user? > >> > >> I would appreciate any advise on the above questions. > >> > >> Thanks, > >> Audrey > >> > > > > > >. > >
- Next message: Christine Glew: "PRB: Message 18456 from a Distributed Query"
- Previous message: Sue Hoegemeier: "Re: proxy account"
- In reply to: Audrey Lim: "Re: SQL Default Login?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
