Re: System Tables and Public Role
From: Randy Weisenseel (rweisenseel_at_sbcglobal.net)
Date: 09/13/04
- In reply to: Mike: "Re: System Tables and Public Role"
Date: Mon, 13 Sep 2004 18:33:43 GMT
Mike,
Thanks for your update. Since you and I seem to be the only ones with this
type of security in mind, I guess we need to "trial and error" the security
on our installations. Take permissions away and test to see if something
breaks.
Thanks again for your reply,
Randy
"Mike" <annon@hotmail.com> wrote in message
news:u0pU02MmEHA.3536@TK2MSFTNGP10.phx.gbl...
> Randy,
>
> I'm looking for the same answer. What I have done on all my user created
> databases is removed public from ALL the system tables. This prevents a
> hacker from accessing the information via sql injection. I don't know if it
> is the "proper" way to do it, so far it has worked without any issues....
>
> Mike
>
>
> "Randy Weisenseel" <rweisenseel@sbcglobal.net> wrote in message
> news:vpI%c.9050$ZC7.8522@newssvr19.news.prodigy.com...
> > I've been researching and researching but can't seem to find an answer to my
> > issue. I am securing a SQL Server installation for one of my clients.
> > Everything I read indicates that you should not grant permissions to the
> > public role for any database objects. See link below for some more detail.
> >
> > http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec04.mspx
> >
> > This leads me to my issue. The public role is granted "SELECT" on system
> > tables by default. Am I to assume that the public role requires these
> > permissions or can these permissions be revoked from all system tables? Is
> > there a definitive list of system tables (both in the user databases and
> > master databases) that are required by users to have "SELECT" permissions?
> > Can someone please elaborate on necessary permissions on system tables (and
> > for that matter system stored procedures) required by database users?
> >
> >
> >
> > Thanks in Advance,
> >
> >
> >
> > Randy
> >
> >
>
>
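An added example, not part of either poster's message: a read-only T-SQL query that lists what the public role currently holds on system tables and Microsoft-shipped procedures in one database, giving a baseline to compare against before and after each revoke-and-test round. It assumes the SQL Server 2000 system tables (sysprotects, sysobjects, sysusers) and that release's action and protecttype codes; the column aliases are illustrative.

```sql
-- Run in each database to be reviewed (user databases and master).
-- Read-only: nothing is granted, revoked, or denied here.
SELECT
    o.name  AS object_name,
    o.xtype AS object_type,          -- 'S' = system table, 'P'/'X' = procedure
    CASE p.action
        WHEN 26  THEN 'REFERENCES'
        WHEN 193 THEN 'SELECT'
        WHEN 195 THEN 'INSERT'
        WHEN 196 THEN 'DELETE'
        WHEN 197 THEN 'UPDATE'
        WHEN 224 THEN 'EXECUTE'
        ELSE CAST(p.action AS varchar(10))   -- any other code, shown raw
    END     AS permission,
    CASE p.protecttype
        WHEN 204 THEN 'GRANT WITH GRANT OPTION'
        WHEN 205 THEN 'GRANT'
    END     AS grant_type
FROM sysprotects AS p
JOIN sysobjects  AS o ON o.id  = p.id
JOIN sysusers    AS u ON u.uid = p.uid
WHERE u.name = 'public'
  AND p.protecttype IN (204, 205)            -- grants only
  AND (
        o.xtype = 'S'                        -- system tables
        OR (o.xtype IN ('P', 'X')            -- system stored procedures
            AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 1)
      )
ORDER BY o.xtype, o.name, permission;
```

Saving the output per database before any change makes it possible to see exactly which grant was removed when an application or tool stops working.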