| Author |
Topic |
|
mrcomino
Starting Member
2 Posts |
 Posted - 2004-03-18 : 10:56:22
|
| How avoid sa login in Comercial aplication?Im using SQL 2000 EE in a DatacenterI have some aplication as "trend miccro antivirus" which usesthe sa account in order to create its database.After that , i see no reason to still uses the sa account , so i create a new login VIRUSADMIN and then i create alias to the dbo user of these databases example use db_ControlManagersp_addalias VIRUSADMIN,dboBut Im having still problems to get tha aplicattion running properlyAny Idea?Why all software wants the sa? This fact causes lot of security problems with others databases in the same instance.Sorry for my english |
|
|
samsekar
Constraint Violating Yak Guru
437 Posts |
Posted - 2004-03-18 : 11:12:29
|
| Why not Application Role !!- Sekar |
 |
|
|
mrcomino
Starting Member
2 Posts |
Posted - 2004-03-18 : 11:18:01
|
| Colud you send me some link with information about the creation and use of "Aplication Role" in Sql2000.May I give more privileges than the "dbo" to a login withoutcompromising the security of the others Databases of the instance? |
|
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-03-18 : 11:28:52
|
| Yes you can. Just make sure it doesn't have server roles. To make this type of login, go to Security/Logins.Right-click and make New Login. Use SQL Server Authentication. Make the default database the virus scan database. Give dbo access to only that database.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
|
AjarnMark
SQL Slashing Gunting Master
3246 Posts |
Posted - 2004-03-19 : 12:10:54
|
| I've run into this before where a software vendor says they need to be a sysadmin. After I stop laughing, I give them the compromise of creating the database for them and using sp_changedbowner to make them the actual database owner (not just db_owner role). This usually takes care of things because it will default ownership of objects to dbo (like a sysadmin) instead of the specific username.In my opinion this is a sign of weak, faulty programming technique, not to mention a complete lack of understanding of security on the vendor's part. Many companies say they need sa for their application because it wipes out 90% of the problems they have with an application and cuts down on support calls. But if they'd just learn a little bit about SQL Server security, and good development practicies, they could easily fix their own problem.--------------------------------------------------------------Find more words of wisdom at [url]http://weblogs.sqlteam.com/markc[/url] |
|
|
|
X002548
Not Just a Number
15586 Posts |
Posted - 2004-03-19 : 12:18:58
|
quote:
Originally posted by AjarnMark
After I stop laughing.....[/url]
 Thanks for the chuckle...Brett8-) |
|
|
|
JimL
SQL Slinging Yak Ranger
1537 Posts |
Posted - 2004-03-19 : 12:39:59
|
| Have a couple that wanted the same.Ended up showing them the right way.SA no way.JimUsers <> Logic |
|
|
|
AjarnMark
SQL Slashing Gunting Master
3246 Posts |
Posted - 2004-03-19 : 12:44:11
|
| BTW I fixed/sabotaged the SA account on the server by setting the password to some random length set of randomly typed characters, and promptly cleared my screen so, literally, nobody knows the SA password and that login cannot be used unless some admin goes and changes the password to something else. And if they do, they'll be fired, or fired upon, depending on the mood at the time.--------------------------------------------------------------Find more words of wisdom at [url]http://weblogs.sqlteam.com/markc[/url] |
|
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-03-19 : 12:55:54
|
| We set ours to some random, unintelligible mess also. It's recorded in a secured directory that two DBAs and the SVP have access to. If anyone is ever caught logging in as sa, I'll have to chop them up in little pieces. :)Before I got here we had it hardcoded in components sitting on our web servers.MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
|
|
|
X002548
Not Just a Number
15586 Posts |
Posted - 2004-03-19 : 13:22:52
|
quote:
Originally posted by derrickleggett
Before I got here we had it hardcoded in components sitting on our web servers.
..and another chuckle....Brett8-) |
|
|
|
|
How avoid sa login in Comercial aplication?