-
ODBC Backdoor into Sql 7.0?
Hi, I'm running SQL Server 7.0 I have a number of databases and specific users have been given access to different databases. I have recently realised that it is possible for a user not given access to say DATABASE1 to create an ODBC Data source to that Database to use MS Access to access the tables. I am using NT security via SQL.
How can I stop this?
-
How did they connect with odbc? Sql authentication or via trusted connection?
-
Trusted Connection
The ODBC configuration used Trusted Connection.
-
Then it depends on account used to log into windows. Double check its permission and permission of groups it belongs to on sql.
-
I have been able to veiw tables in the database, logged on as a users that does not have an account in SQL. No user name, no database permissions. So what's happening.
-
Ok, scratch that I just checked again I cannot actually change the data, just view it. Thanks for the help.
-
You may have guest user in the db, can delete it if you don't want other users without permission to view data in the db.
-
Ray, you're quite correct. Removing the guest account solved the problem.
Thanks again
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|