Re: Master database can be browsed by any user. is this normal?
From: John Dalberg (john_dd_at_hotmail.com)
Date: 10/27/04
Date: Wed, 27 Oct 2004 08:08:14 -0700
On Tue, 26 Oct 2004 20:21:25 -0600, Sue Hoegemeier wrote:
> You can't disable the guest account in master or tempdb.
How about giving denyreader and denywrite access to the master database and
deny execute on all the stored procedures for the guest account?
John
>
> -Sue
>
> On Tue, 26 Oct 2004 16:54:58 -0700, John Dalberg
> <john_dd@hotmail.com> wrote:
>
>>On Tue, 26 Oct 2004 15:08:19 -0600, Sue Hoegemeier wrote:
>>
>>> Yes...the login would access the database through the guest account.
>>> Guest is a member of the public role so accessing through this account
>>> gives the users whatever rights, permissions granted to the public
>>> role.
>>>
>>> -Sue
>>
>>Is there any way to disable this? They can read sysusers tables and look at
>>usernames. They would still need to figure out the passwords, but why give
>>them half of the data? Also, the fact that they can browse the database names
>>is an unwelcome feature.
>>
>>John
>>
>>>
>>> On Tue, 26 Oct 2004 13:13:07 -0700, John Dalberg <john_dd@hotmail.com>
>>> wrote:
>>>
>>>>
>>>>I created a sql server type user who has access to a single database which
>>>>I created. When I logged in as the user, I was able to browse and read the
>>>>Master database tables even though there's no login user in the Master
>>>>database for that user. Is this normal behavior?
>>>>
>>>>John
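
Added example, not part of the original messages: a T-SQL audit of what the thread describes, listing the permissions any login picks up in master through the guest user and the public role. It assumes SQL Server 2005 or later (the sys.database_permissions and sys.database_principals catalog views are not available on earlier versions), and YourUserDatabase is a placeholder name.

```sql
-- Added example (assumes SQL Server 2005+ catalog views).
-- 1. What do guest and public hold in master?
USE master;

SELECT  pr.name            AS principal_name,
        pe.state_desc      AS grant_state,      -- GRANT / DENY / GRANT_WITH_GRANT_OPTION
        pe.permission_name,
        pe.class_desc,                          -- DATABASE, OBJECT_OR_COLUMN, ...
        CASE WHEN pe.class = 1                  -- class 1 = object or column
             THEN OBJECT_NAME(pe.major_id)
        END                AS object_name
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr
        ON pr.principal_id = pe.grantee_principal_id
WHERE   pr.name IN (N'guest', N'public')
ORDER BY pr.name, pe.class_desc, object_name, pe.permission_name;

-- 2. Is guest enabled in a user database? A row here means guest holds
--    CONNECT, so logins without their own user in that database can enter it.
USE YourUserDatabase;   -- placeholder: replace with the database to check

SELECT  pr.name, pe.state_desc, pe.permission_name
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr
        ON pr.principal_id = pe.grantee_principal_id
WHERE   pr.name = N'guest'
  AND   pe.class = 0                            -- class 0 = database level
  AND   pe.permission_name = N'CONNECT'
  AND   pe.state_desc LIKE N'GRANT%';

-- In a user database (not master or tempdb, where the thread notes guest
-- cannot be disabled), guest is turned off by revoking CONNECT:
-- REVOKE CONNECT FROM guest;
```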