Re: Database security (non-existent?)
- From: "Arved Sandstrom" <asandstrom@xxxxxxxxxxxxx>
- Date: Wed, 02 Jul 2008 15:29:38 GMT
"Greg D. Moore (Strider)" <mooregr_deleteth1s@xxxxxxxxxxx> wrote in message
news:SIednfQ_H8TjoPXVnZ2dnUVZ_qHinZ2d@xxxxxxxxxxxxxxxx
"Annonymous Coward" <me@xxxxxxxx> wrote in message[ SNIP ]
news:j46dna4uNN2e0f_VnZ2dnUVZ8sjinZ2d@xxxxxxxxx
I recently downloaded and install SQLServer Express. I am considering
using it as the backend db for my app (i.e. moving from the current
PostgreSQL).
I run sqlcmd without specifying any username or pwd, and I was suprised
that I had access to the 'server', and could create and drop databses
(admittedly I dropped only the dbs I created). This appears to be a
*HUGE* security flaw - unless (I hope), I have missed something.
Umm, not really. This is by design. Especially if you have any sorts of
admin capabilities on your box.
BTW, based on this and your other post, I would highly recommend you pick
up a book (check out Microsoft Press) on SQL Server 2005 security.
There's far to much to learn than you can adequately learn in a newsgroup
like this.
Simply put, done correctly SQL Server 2005 is pretty much as secure as
anything else out ther.e
I would also recommend a book. However, reading articles like
http://technet.microsoft.com/en-us/library/ms345149.aspx is certainly a good
start.
AHS
.
- Prev by Date: Re: Datetime import/export issue
- Next by Date: Re: GROUP BY a computed column
- Previous by thread: Odd character appended to data
- Next by thread: Re: GROUP BY a computed column
- Index(es):
Relevant Pages
|
