ODBC Backdoor into Sql 7.0?

**Katyan** · 05-09-2003, 10:30 AM

Hi, I'm running SQL Server 7.0 I have a number of databases and specific users have been given access to different databases. I have recently realised that it is possible for a user not given access to say DATABASE1 to create an ODBC Data source to that Database to use MS Access to access the tables. I am using NT security via SQL.
How can I stop this?

**rmiao** · 05-09-2003, 11:03 AM

How did they connect with odbc? Sql authentication or via trusted connection?

**Katyan** · 05-09-2003, 11:08 AM

The ODBC configuration used Trusted Connection.

**rmiao** · 05-09-2003, 11:42 AM

Then it depends on account used to log into windows. Double check its permission and permission of groups it belongs to on sql.

**Katyan** · 05-09-2003, 12:41 PM

I have been able to veiw tables in the database, logged on as a users that does not have an account in SQL. No user name, no database permissions. So what's happening.

**Katyan** · 05-09-2003, 12:55 PM

Ok, scratch that I just checked again I cannot actually change the data, just view it. Thanks for the help.

**rmiao** · 05-09-2003, 01:07 PM

You may have guest user in the db, can delete it if you don't want other users without permission to view data in the db.

**Katyan** · 05-09-2003, 02:32 PM

Ray, you're quite correct. Removing the guest account solved the problem.

Thanks again

Thread: ODBC Backdoor into Sql 7.0?

Thread Tools

Display

ODBC Backdoor into Sql 7.0?

Trusted Connection

Posting Permissions