Re: Application concerns OVER Login

From: Andrew J. Kelly (ajkellynospam@attbi.com)
Date: 04/06/03


From: "Andrew J. Kelly" <ajkellynospam@attbi.com>
Date: Sat, 5 Apr 2003 17:33:47 -0500


> 1) setup user on network with only user rights. (Win2k Server)
> 2) gave that user rights to specific stored procedures on database
> 3) wish to distribute this sql server database on a cd
>
> Question A:
>
> If someone gets a copy of the cd and creates the same user on their network,
> will they be able to open the SQL Server 2000 database under that user name
> (Windows Authentication) or will they only have rights to the stored
> procedures which that user has permission to use (SQL Server
> authentication)? As per above, the Windows Authentication Role for this user
> is only for the stored procedures. There are no dbo rights for this user.

The only thing that is stored in the database is the users, not the server
logins. So if someone gets a cd with a DB on it and they have a copy of SQL
Server, then most likely they can log in as sa and do what they want with
your db. You basically can't stop sa from accessing your data if they have
the data files. There is no built-in protection in that manner.

>
> Question B:
>
> Short of figuring out the sa password, will anyone be able to open that
> database on the distributed CD?

Again, sa is at the server level, not the db level. So your sa password has
nothing to do with their sa password on their server.

>
> Question C:
>
> Is it important to create a difficult password for this user? The password
> will be given out with the CD.
>

Same as above.

-- 
Andrew J. Kelly
SQL Server MVP
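
The split between database users and server logins described in the reply above can be checked by whoever ships the database. This T-SQL for SQL Server 2000 is an added example, not part of the original post; the database name `DistributedDb` and the user name `CdUser` are hypothetical placeholders.

```sql
-- Added example (SQL Server 2000 system tables and procedures).
-- 'DistributedDb' and 'CdUser' are hypothetical names.
USE DistributedDb
GO

-- 1. What travels inside the data files: database users, each tied to a
--    security identifier (SID). The LEFT JOIN shows whether the server the
--    files are currently attached to has a login with the same SID.
SELECT u.name      AS db_user,
       u.isntuser  AS is_windows_user,
       u.sid       AS sid_stored_in_db,
       l.loginname AS login_on_this_server  -- NULL = no matching login here
FROM   sysusers u
LEFT JOIN master.dbo.syslogins l ON l.sid = u.sid
WHERE  u.islogin = 1
  AND  u.hasdbaccess = 1
  AND  u.name <> 'dbo'
GO

-- 2. The permissions that were granted to the restricted user. These are
--    also stored in the database and only apply to a connection that is
--    mapped to this user.
EXEC sp_helprotect @username = 'CdUser'
GO

-- 3. How the current connection is treated. A member of the sysadmin
--    server role (sa included) is mapped to dbo in every database on that
--    server, so the grants listed in step 2 are never consulted for it.
SELECT IS_SRVROLEMEMBER('sysadmin') AS caller_is_sysadmin,
       USER_NAME()                  AS mapped_db_user
GO
```

Run on a server other than the one where the database was built, step 1 typically shows NULL for the restricted user's login, while step 3 returns 1 and `dbo` for that server's own administrator.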

