Revoking All Permissions - Secure By Default
Nov 10, 2005I am designing my software to be 'secure by default'.
View 4 Replies
ADVERTISEMENT
Revoking Object Permissions
Aug 18, 1998I just finished doing a search of the archives and found two references in April 98 to what appears to a
similiar proglem to what I have. I found no comments after that.
I have recently converted my 4.2x databases to 6.5. Since then, I have been unable to revoke
object permissions completely for my users. My front end gives user permissions on tables and
views to the users but I only want them to have group permissions. When I use EM or DBArtisan
or ISQL to revoke all the user`s permissions, the response is that they are successful but the
permission still display and are shown in sp_helprotect. Is this a known "undocumented feature"
or a new twist on an old 6.5 problem?
Revoking Permissions On System Tables To The Public Role.
Oct 14, 2004We have an audit issue that is requiring me to revoke the select permissions from the public role to the system tables. Has anyone had to do this?? What problems did you experience? Are their any tables that you were not able to change the permissions on? Any help is greatly appreciated.
View 5 Replies View RelatedNew Users And Default Permissions
Nov 26, 2006Hi,
I want to create a new user for my database and allow them to only select data from the tables...
CREATE LOGIN NEHardcoreWITH PASSWORD = 'abc'USE aiaccontentdb;CREATE USER NEHardcore FOR LOGIN NEHardcore
What permissions will this give to the new user? Do I need to grant any permissions and/or revoke any?
Thanks!
What Permissions Has By Default Public Role?
Mar 27, 2008Can someone tell me what permissions has public role in sql server? can it read every table or it can just connect to a database and no more?
thanks
Default Permissions On Creation Of New Database
Jan 23, 2008I notice when I create a new database within my SQL Server that the
permissions for the new database automatically adds a user (Who is configured
as sysadmin) with dbo permissions to this database.
Both within the login properties of the select user (User mapping) is listed
as Default Schema, dbo and within the permissions of the database listed as
user with connect permissions.
I have other users configured as sysadmin and they do not get this rights
(They are not expliticly listed within user mapping with dbo or permissions
as user within the database).
I've inherited this system and wonder if the user has somehow changed the
new database procedure so it changes the default permissions of new databases.
Any way to check what he's done, I can see no differences between him and
the other sysadmins but he's definatly specifically listed as a dbo on all
new databases.
Although I don't mind him having access, he's a sysadmin after all, I'd like
to make it uniform thoughout the system, i.e. using the inhertited
permissions rather than specific permissions that seem to be created when the
new database is created.
Any ideas?
Flubster
New User Default Permissions Allow Full Access?
Aug 22, 2007I want to allow a user to only select from certain tables in a SQL 2005 database.
Without granting any permissions, the user can select from any table.
All tables are owned by dbo.
I am using a Windows login and it is not a member of any groups other than one to allow Terminal Server logins.
SQL login properties:
Only server role is Public
Mapped to a user with the same name
Default schema is dbo
No securables listed
User properties:
No owned schemas
No role memberships
No securables listed
Database permissions:
Under explicit permissions, this user is only granted Connect
Effective permissions lists everything!!!
Where are these effective permissions coming from?
TIA
Table Permissions Versus View Permissions
Aug 2, 2006Using SQL Server 2k5 sp1, Is there a way to deny users access to a specific column in a table and deny that same column to all stored procedures and views that use that column? I have a password field in a database in which I do not want anyone to have select permissions on (except one user). I denied access in the table itself, however the views still allow for the user to select that password. I know I can go through and set this on a view by view basis, but I am looking for something a little more global.
View 5 Replies View RelatedHow To Secure Mdf
Sep 24, 2005I am designing an application built on sql server 2000
how can I prohibit other sql server users from accessing my database and allowing only acceesing it through my application or through owner designer of sql server database.
my situation needs sometimes copying the db from the end user platforms to
my designer computer to analyze some problems or maintainenace or modification, and also I have no control on users windows environment and I need the end user professional not to enter the my db from outside my application.
So,
is there anything I can do to secure an MDF (MSDE/SQL Server 2000) file so that a user cannot see my schema under any circumstances.
Even if I lock the MDF down and secure the instance, a smart user can just shut off the SQL server, copy the MDF to another instance, sp_attachdb and open it with sa rights. I need a way to prevent others from getting inside my schema.
Secure FTP
Apr 28, 2008Hi,
Do you guys know how to call secure FTP from a script task in an SSIS package which can be done by invoking the exe like winscp from a script task
Secure FTP
Apr 9, 2008hi everybody ,
Can anybody tell me about Secure FTP
and how the code for uploading and downloading of files can be write using Visual C#
actually i have created code for Standad FTP(normal FTP), but when I am using it for secure FTP then the compiler is giving an Exception: "Unable to create Remote Server"
very confuse about what to do....??
even very small help would be very very appreciable
thanx .... Nics
How To Secure (.mdf And .ldf) DB Files?
Aug 9, 2004Database files (.mdf and .ldf) could be copied and explored by attaching them to any other instance of sqlserver.
How we could secure those files as we can do for Access file using a password ?
Thanks for any comment.
skentafi
How Can I Keep My DB Secure On SQL Server
Nov 11, 2005hi
this is my 1st time on this forum, I need to keep my DB secure on SQL server, that no body can enter into my DB and couldnt see my tables and other elements of DB.
Regards
AHK
Secure Dts Packages
Mar 21, 2006i need to set up a sql server login that can query the database, but i don't want it to be able to see scheduled jobs or dts packages
actually if i could keep it out of enterprise manager altogether that would be great
how can i set this up?
How Can I Secure My MDF File?
Jun 30, 2005If a user is a local admin of the box they can gain full access to the database via integrated security. They can create their own database and attach .MDF
How can i secure the .MDF so that no one can gain access to it?
How Secure Is Sql Ce Password?
Mar 5, 2008I have developed an application that uses a SQL Server compact edition database (.sdf). The database contains important data that I do not wish people to access.
My question is if I choose to Encrypt the database using the option available when you create the database and specify a password how secure is it ?
Are there tools on the market that will be able to crack this password and therefore gain access ?
Thanks
Is Installation Secure ?
Jul 20, 2005We can find a lot of recommandations about how to secure a SQL*Server configuration.Does anyone have scripts to do it ?Any advices or links are welcome
View 2 Replies View RelatedSecure Replication
Jul 20, 2005How would I set up secure replication between 2 servers that are indifferent cities?Would I need to define linked servers first?Would I use SSL?Help appreciated. Thanks.Steve*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!
View 1 Replies View RelatedHow To Secure The Database
Jul 10, 2007Hello...
I develop a .NET Application which uses a SQL Express Database. The application will be distributet to several customers. That means the customer must have (or install) SQL Server Express Edition .
But we dont want that the users manual access to the database.
As far as understand that is not possible because the user (customer) will be the administrator for the SQL Server Express because it runs in his own PC (no password security).
Am I right? Thank you..
Possible To Secure Using .Net StrongNameIdentityPermission?
Oct 24, 2006Is it possible to secure a SQL Server database or schema using a technique such as the .Net StrongNameIdentityPermission attribute? The intent is that SQL Server would only permit transactions coming from assemblies which were signed with a particular .Net StrongName private key.
We are installing a 3rd party SQL Server / ASP.Net application which must run in our DMZ and we are looking for all possible measures to secure the SQL Server database.
Thanks
How Can I Secure My MDF File?
Jun 30, 2005If a user is a local admin of the box they can gain full access to the database via integrated security. They can create their own database and attach .MDF
View 24 Replies View RelatedHow Can I Secure My Database??
Jun 16, 2007hello all,
I've recently started using sql express 2005. I've used the features very conveniently.
But one thing i coudn't understand is how can i secure my database from unwanted access.
I've Installed Sql Express 2005 with mixed mode authentication (Sql authentication) and attached my Database. But it also connects with Windows authentication, and all my data tables are openly visible.!!
How can i Secure my database now..!!!
My intention is to restrict access to my databases only to certain users (may be SQL Logins)
Please guide me how to accomplish this...
Thanks
SQL Server 2012 :: Use Of Default Keyword As Parameter Default - What Value Is It
Aug 11, 2015@pvColumnName VARCHAR(100) = Default,
However, I am unable to determine what is the value for Default. Is it '' ?
Default is not permitted as a constant - below fails to parse:
WHERE t2.TABLE_TYPE = 'BASE TABLE'
AND (@pvColumnName = Default OR t1.[COLUMN_NAME] Like @vColumnName)
Are Packets From .NET To SQL Server Secure?
Feb 20, 2004When I'm getting data from sqlserver using ado.net and a sqldataadapter, are the resultant network traffic packets secure? If I wanted to deploy my objects at a remote site, would I still be safe going straight to my sql server from there or should I build a web service and then auto generate 'remote' versions of my objects that will then communicate to the web service on https?
thanks
pat
Enterprise Manager - How Secure Is It?
Oct 30, 2004I connect to my clients SQL databases via Enterprise Manager. Most of the time the SQL server resides at a web host. A colleague recently told me that this is a huge security hole and I should be using Remote Desktop instead.
I would appreciate other input, opinions, and guidance on this issue.
It's The SQL 7 Process Encryption Secure?
Aug 21, 2000Hi!
Somebody knows if un-encrypt transact SQL is posible in sql 7? Thanks
Nestor Groel
Secure Tunnel Between Two SQL Servers
Jan 31, 2008Hello,
I am trying to find software for configuring a secure connection between two SQL servers over the internet for our application that runs sql statements between two databases.
Mabey some sort of SSH software that is desinged for this? I have attempted to use VPN however this is not for a network, just 2 servers, no domain controller or DHCP server is available, they are connected directly to the internet.
Any ideas would be appreciated.
Is General Authentication Secure Enough?
Feb 5, 2008
Hello,
I have a project which I am working on that includes database support. The Database server has several databases hosted on it. Setting network security hardware/software aside for a moment and strictly talking about security handled by the Database server, is is good enough to rely on adding users to a databases "users" list or are there other things on the database server I should look at? We are using both Windows and SQL authentication. We have some users that are to have access to all the databases (Administrators and database operators) and some who will only be permitted to have access to a few of the databases (not all of them). Obviously there are other security concerns such as network firewalls and the such which are being handled by the IT team but I wanted to know if the simple 'add user to "users" list and remove for the rest' approach is all that can be done or if there is more that can be done on the SQL server.
Thanks!
Row Level Filtering (does Not Need To Be Secure)
May 11, 2007I'm trying to design a system where I can filter (not secure) a users results, the user may or may not pass in a user ID. We typically use middle tier connection pooling with a single identity, so I believe labelling is not suitable.
I think the ideal solution would be...
User to establishes a connection through our application, a user id will be established as part of the connection.
A view is created describing what the user is able to access. Preferably the user should not be aware of the view.
The user or our application executes a number of select queries.
Note that there may be many users with different filters required connecting at any time.
Direct user updates of the table do not need to be supported.
Secure .NET 1.1 Application From Users
Jan 20, 2006Hi all.
I am developing an distributed VB.NET 1.1 application with a TripleDES capable socket layer for communication with my server app.
I need to secure the distributed app from the users within the organization I am developing it for (a franchise).
I do not wish to store any encryption keys in the source code as these would be obvious to any seasoned hacker through decompilation of my binaries (even with obfuscation). I have decided to use the windows DPAPI (under machine storage mode) to secure manually entered (at installation) encryption layer keys in the registry. The salt values for this DPAPI mode also need to be secured, as a disgruntled franchise owner may be the hacker (and hence would have admin privilege on the machine the software is installed on). Not as far fetched as you think !
This is the beginning of a vicious cycle. How do I secure and where do I store this salt value safely ? With it a hacker with admin privilige can easily decrypt my keys if they know I am using machine mode DPAPI. Can I use ACLs to protect the keys with an account I set up manually on the machine ? If so then I would need to be able to switch account identities in my code (which I haven't researched as yet) and then would need to store the password to that somewhere.
If anyone could offer any insight or direction it would be much appreciated.
Secure Database ,only For 1 User
Jan 10, 2007Hello,
Is possible to create database file with only one user(No local acount used by Windows authentication)?
I want copy with my aplication also database mdf file with secret data .I don't want so as user loged to sql server as 'dbo' user ( Windows authentication) can view or edit it.
It is possible?
Ondra.
Secure Sa Login From Locking
Feb 20, 2008
Can you suggest me , what command should i use to set the sa login for locking even after trying several times in SQL Server 2005.
SQL Security :: How To Secure MDF File
Sep 14, 2015I have a query regarding how to secure my mdf file.
I'm sending my mdf file at the time of installation of the software, so I want to know how to protect my mdf file from other clients.
(So that they cannot see or access my tables and data present in it).