Re: Master database can be browsed by any user. is this normal?
From: John Dalberg (john_dd_at_hotmail.com)
Date: 10/28/04
- Previous message: Steve Ricketts: "Re: One Web Service updates SQL, another can't?"
- In reply to: Sue Hoegemeier: "Re: Master database can be browsed by any user. is this normal?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Oct 2004 08:09:06 -0700
On Wed, 27 Oct 2004 09:26:01 -0600, Sue Hoegemeier wrote:
> You could but it will break things. All logins need access to some of
> the system tables and stored procedures in the master database to
> function properly.
>
> -Sue
It seems the guest account has access to all system tables and SPs. For
example, why does the guest account have access to sp_who2. I don't want
users to find out what processes are running. My opinion is that they have
too much access which is not necessary.
Is their a script anywhere which modifies the guest permissions so that
they get only the absolute minimum needed for them to work without problems
in their own databases?
John
>
> On Wed, 27 Oct 2004 08:08:14 -0700, John Dalberg <john_dd@hotmail.com>
> wrote:
>
>>On Tue, 26 Oct 2004 20:21:25 -0600, Sue Hoegemeier wrote:
>>
>>> You can't disable the guest account in master or tempdb.
>>
>>How about giving denyreader and denywrite access to the master database and
>>deny execute on all the stored procedures for the guest account?
>>
>>John
>>
>>
>>
>>>
>>> -Sue
>>>
>>> On Tue, 26 Oct 2004 16:54:58 -0700, John Dalberg
>>> <john_dd@hotmail.com> wrote:
>>>
>>>>On Tue, 26 Oct 2004 15:08:19 -0600, Sue Hoegemeier wrote:
>>>>
>>>>> Yes...the login would access the database through the guest account.
>>>>> Guest is a member of the public role so accessing through this account
>>>>> gives the users whatever rights, permissions granted to the public
>>>>> role.
>>>>>
>>>>> -Sue
>>>>
>>>>Is there anyway to disable this? They can read sysusers tables and look at
>>>>usernames. Although they need to figure out the passwords but why give them
>>>>half of the data. Also the fact that they can browse the databases names is
>>>>also an unwelcome feature.
>>>>
>>>>John
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> On Tue, 26 Oct 2004 13:13:07 -0700, John Dalberg <john_dd@hotmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>I created a sql server type user who has access to a single database which
>>>>>>I created. When I logged in as the user, I was able to browser and read the
>>>>>>Master database tables even though there's no login user in the Master
>>>>>>database for that user. Is this normal behavior?
>>>>>>
>>>>>>John
- Previous message: Steve Ricketts: "Re: One Web Service updates SQL, another can't?"
- In reply to: Sue Hoegemeier: "Re: Master database can be browsed by any user. is this normal?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
