Mystery SQL database access



I am in the process of analyzing an existing SQL Server 2000 implementation.

I am currently looking at the security and have found something I can't
explain.

I see a standard SQL Server login.

The login does not have any user database access. The login is not part of
any server roles. In spite of this, the login is connecting to a database
and executing stored procedures from a remote server.

I do see an entry in the public group in the database which is
'\loginid'...don't understand what this is.

The guest account does not exist in the database.

No permission to execute sps has been granted to public so even if the
standard id is somehow tied to the entry in public it should not have perms
to execute anything.

The Windows server does not have an local ids similarily named.

I have run out of ideas here.....any thoughts?

Thanks in advance.

Susan
.



Relevant Pages