Monday, March 12, 2012

MSDE issue

Can’t a client easily register an instance of MSDE using any third party GUI
or EM and get hold of our data structure? How can I over come this issue, if
I am installing MSDE on client computer?
thanx
hi,
"Job Lot" <JobLot@.discussions.microsoft.com> ha scritto nel messaggio
news:7002631C-B28D-4785-8C16-2EFE5D74BD50@.microsoft.com
> Can’t a client easily register an instance of MSDE using any third
> party GUI or EM and get hold of our data structure? How can I over
> come this issue, if I am installing MSDE on client computer?
> thanx
a MSDE instance can be easly registered as a linked server or in EM, from
remote (as long as the required network protocols are enabled) or local pc,
or using third party tools... as long as login privileges are set to the
logged user or a valid SQL Server login is known...
to access the databases, another issue must be granted (quite easy), that's
to say the logged user (login) is mapped to a valid database user...
if the login (both NT [trusted connections] or SQL Server [requiring "user"
and "pwd" credentials]) is member of WinNT administrators group (and thus)
or sysadmins server roles, he/she can actually do whatever he/she wants as
that membership grants illimitate privileges...
this design is part of the SQL Server security and can not be cut... so you
have to grant minimal privileges (server side) to logins in order to allow
only to specific logins the ability to access you databases..
a good article about security model is presented at
http://www.sql-server-performance.co...l_security.asp and
http://www.microsoft.com/technet/pro.../sp3sec03.mspx
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.9.1 - DbaMgr ver 0.55.1
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply

No comments:

Post a Comment