Furthermore, the login has no rights on other databases on the SQL Server. However, the login can see the other databases if he registers the SQL Server with the provided login data. This is what we would like to prevent: he may only see his own database.
How could I tackle this problem? Any suggestions are welcome.
Taken from Books Online:
sp_addlogin
Creates a new Microsoft® SQL Server™ login that allows a user to connect to an instance of SQL Server using SQL Server Authentication.
Syntax
sp_addlogin [ @loginame = ] 'login'
    [ , [ @passwd = ] 'password' ]
    [ , [ @defdb = ] 'database' ]
    [ , [ @deflanguage = ] 'language' ]
    [ , [ @sid = ] sid ]
    [ , [ @encryptopt = ] 'encryption_option' ]
Arguments
[@loginame =] 'login'
Is the name of the login. login is sysname, with no default.
[@passwd =] 'password'
Is the login password. password is sysname, with a default of NULL. After sp_addlogin has been executed, the password is encrypted and stored in the system tables.
[@defdb =] 'database'
Is the default database of the login (the database the login is connected to after logging in). database is sysname, with a default of master.
[@deflanguage =] 'language'
Is the default language assigned when a user logs on to SQL Server. language is sysname, with a default of NULL. If language is not specified, language is set to the server's current default language (defined by the sp_configure configuration variable default language). Changing the server's default language does not change the default language for existing logins. language remains the same as the default language used when the login was added.
[@sid =] sid
Is the security identification number (SID). sid is varbinary(16), with a default of NULL. If sid is NULL, the system generates a SID for the new login. Despite the use of a varbinary data type, values other than NULL must be exactly 16 bytes in length, and must not already exist. SID is useful, for example, when you are scripting or moving SQL Server logins from one server to another and you want the logins to have the same SID between servers.
[@encryptopt =] 'encryption_option'
Specifies whether the password is encrypted when stored in the system tables. encryption_option is varchar(20), and can be one of these values.
|||
Well, I already did the same thing but then using the Enterprise Manager menus. The problem remains how to make sure the SQL login cannot SEE the databases it has no access to... Furthermore, I see the guest account also has rights to the master and tempdb databases, while this account may not be deleted according to MSDN documentation... Could I solve this problem or is it just simply impossible?