SQL 2000 Vulnerability using SQL Server Management Studio

  • Hi,

    When using SQL Server Management Studio to connect to a SQL2000 database using a user/password that has only permissions for its database and default permission on the master database, it lists all the databases on the server, which is not a huge problem.

    Though if you right-click your database and go to "Tasks" >> "Back Up...", now click the "Add" button under destination, and in the "Select Database Destination" dialogue click the "..." button.

    You are now able to browse the entire drive's file structure.

    You are also able to overwrite other backup files or restore other backup files from any other database.

    If I do this with Enterprise Manager I get the following error:

    error 229: EXECUTE permission denied on object 'xp_availablemedia', database 'master', owner 'dbo'

    And with Enterprise Manager I only see a list of databases I have access to.

    Anybody got any suggestions on how to make my SQL2000 servers more secure?

  • Hi Lance, can you tell me which roles this user is included in?

    Pedro R. Lopez
    http://madurosfritos.blogspot.com/

  • public and db_owner

    I got this by going to a database of a standard user, then under users clicked the properties of the user.
