Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
joblot1976
Starting Member
10 Posts |
 Posted - 2004-10-05 : 07:12:22
|
| MSDE issueI am installing MSDE on client’s computer. My worry is, users can easy register an instance of MSDE using any third party GUI or EM and could get hold of our data structure. How can I overcome this issue? |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-10-05 : 13:24:26
|
| Users should not have permissions to connect to servers that they don't need to. Why do your users have this permission in the first place?Tara |
 |
|
|
joblot1976
Starting Member
10 Posts |
Posted - 2004-10-06 : 23:13:47
|
| I am distributing my application which includes MSDE 2000. My setup program attaches .MDF and .LDF files once instance of MSDE 2000 is installed on the customer’s computer. Now my worry is how can I restrict customers running W2k or XP from accessing my database using EM or third party GUI’s. If customers are running W2k or XP and have administrative privileges they can easily register the installed instance of MSDE with EM and access the data structure, stored proc etc?I tested it on a computer which is running W2k, I logged in as Administrator, ran my Setup program to install MSDE, attach .MDF and .LDF, .NET framework, MDAC and my application. Then I installed EM and registered an instance of installed MSDE with it. I could access everything in the attached db. How can I prevent this, as data structure, stored proc etc means a lot and can’t let anyone steal it.Thanks |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-10-07 : 12:24:07
|
| The only way to prevent them from getting in is to not give them the permission. By default, local administrators have sysadmin inside SQL Server. You can remove the BUILTIN\Administrators group from this role so that this doesn't occur. Who is responsible for backups and integrity checks and all of the DBA tasks on this system? If it's not you, then someone is going to need sysadmin to perform these tasks. You don't want to be in the situation where you have to post a question here and say somebody did something and we need to undo it but we don't have a backup.Tara |
|
|
|
|
|
|
MSDE issue