I would like to be able to setup a user that can only select information
from a View.
But when I enable security for this user, the user can see all the
tables, Views, Store Proc etc. I know it is only the names, but I don't
want the user to be able to do this, as he is only allowed to view the
view I have enabled for him.
The user can log in using Enterprise Manager and flick through the
tables, views etc, but can't read them, but he can get the names which
is what I don't want to happen.
Is there anyway of stopping the user from seeing all the other
information?
*** Sent via Developersdex http://www.examnotes.net ***
Don't just participate in USENET...get rewarded for it!Hi,
In Enterprise manager you cant control that.
Thanks
Hari
MCDBA
"Bryan Avery" <b_avery@.yahoo.com> wrote in message
news:ObOG040BEHA.892@.TK2MSFTNGP09.phx.gbl...
> I would like to be able to setup a user that can only select information
> from a View.
> But when I enable security for this user, the user can see all the
> tables, Views, Store Proc etc. I know it is only the names, but I don't
> want the user to be able to do this, as he is only allowed to view the
> view I have enabled for him.
> The user can log in using Enterprise Manager and flick through the
> tables, views etc, but can't read them, but he can get the names which
> is what I don't want to happen.
> Is there anyway of stopping the user from seeing all the other
> information?
>
>
> *** Sent via Developersdex http://www.examnotes.net ***
> Don't just participate in USENET...get rewarded for it!
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Monday, March 26, 2012
Tuesday, March 20, 2012
Re SQL Resolution Service
Hi,
I am a novice to SQL Server. I work in the area of network security. In my s
tudy of the SQL Slammer/Sapphire worm, I came across SQL Resolution Service
which listens on UDP Port 1434. It seems that this service is used by client
s to get the list of named
instances, to exchange keep-alive messages, and for opening a registry key (
the slammer worm cause). I would like to know what are its other uses and ot
her acceptable commands by the service. After my futile search on MSDN I am
posting a message here.
Any pointers or links regarding this are more than welcome.
Thanks in advance,
Bhagya
Posted using Wimdows.net NntpNews Component -
Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine sup
ports Post Alerts, Ratings, and Searching.SQL Resolution Service on UDP 1434 is only used to support
multi-instances. It's not used with SQL Server 7 as that
version doesn't support named instances. It's not used by
the SQL Server instance or directly by clients to connect to
SQL Server. It's just to enumerate the instances on a server
and find the listening port for the specific instance.
If you try to connect to YourServer\YourNamedInstance and
that's what you specify for the connection, it hits UDP 1434
to use the SQL Server Resolution Service to find what port
number YourServer\YourNamedInstance is listening on. You can
bypass that by specifying the port yourself and then there
is no need to go through UDP 1434.
-Sue
On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
<User@.-NOSPAM-SqlJunkies.com> wrote:
>Hi,
>I am a novice to SQL Server. I work in the area of network security. In my study of
the SQL Slammer/Sapphire worm, I came across SQL Resolution Service which listens o
n UDP Port 1434. It seems that this service is used by clients to get the list of na
med
instances, to exchange keep-alive messages, and for opening a registry key (the slammer worm
cause). I would like to know what are its other uses and other acceptable commands by the s
ervice. After my futile search on MSDN I am posting a message here.
>Any pointers or links regarding this are more than welcome.
>Thanks in advance,
>Bhagya
>--
>Posted using Wimdows.net NntpNews Component -
>Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine supports P
ost Alerts, Ratings, and Searching.|||I am looking for what are the uses of the resolution service which
runs on UDP 1434 and what commands it takes. I want to look at how did
the slammer worm succeed in triggering the vulnerability. From my
search on the Internet it seems that a command can be sent that starts
with '0x04' followed by some string, which results in opening a
registry entry on the server. What is the purpose of this command? Is
it for creating new named intances? If so, why would you allow anybody
to create new named instance on the server without any authentication?
any thoughts or ideas?
Thanks,
Bhagya
Sue Hoegemeier <Sue_H@.nomail.please> wrote in message news:<tg4fg0tm3lodstc7d5cllmj6g5guhh21
pt@.4ax.com>...[vbcol=seagreen]
> SQL Resolution Service on UDP 1434 is only used to support
> multi-instances. It's not used with SQL Server 7 as that
> version doesn't support named instances. It's not used by
> the SQL Server instance or directly by clients to connect to
> SQL Server. It's just to enumerate the instances on a server
> and find the listening port for the specific instance.
> If you try to connect to YourServer\YourNamedInstance and
> that's what you specify for the connection, it hits UDP 1434
> to use the SQL Server Resolution Service to find what port
> number YourServer\YourNamedInstance is listening on. You can
> bypass that by specifying the port yourself and then there
> is no need to go through UDP 1434.
> -Sue
> On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
> <User@.-NOSPAM-SqlJunkies.com> wrote:
>
security. In my study of the SQL Slammer/Sapphire worm, I came across
SQL Resolution Service which listens on UDP Port 1434. It seems that
this service is used by clients to get the list of named instances, to
exchange keep-alive messages, and for opening a registry key (the
slammer worm cause). I would like to know what are its other uses and
other acceptable commands by the service. After my futile search on
MSDN I am posting a message here.[vbcol=seagreen]|||The internals of the Listener service are not available. Documentation on
the how the Listener service works with SQL
is included in SQL Books Online.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
I am a novice to SQL Server. I work in the area of network security. In my s
tudy of the SQL Slammer/Sapphire worm, I came across SQL Resolution Service
which listens on UDP Port 1434. It seems that this service is used by client
s to get the list of named
instances, to exchange keep-alive messages, and for opening a registry key (
the slammer worm cause). I would like to know what are its other uses and ot
her acceptable commands by the service. After my futile search on MSDN I am
posting a message here.
Any pointers or links regarding this are more than welcome.
Thanks in advance,
Bhagya
Posted using Wimdows.net NntpNews Component -
Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine sup
ports Post Alerts, Ratings, and Searching.SQL Resolution Service on UDP 1434 is only used to support
multi-instances. It's not used with SQL Server 7 as that
version doesn't support named instances. It's not used by
the SQL Server instance or directly by clients to connect to
SQL Server. It's just to enumerate the instances on a server
and find the listening port for the specific instance.
If you try to connect to YourServer\YourNamedInstance and
that's what you specify for the connection, it hits UDP 1434
to use the SQL Server Resolution Service to find what port
number YourServer\YourNamedInstance is listening on. You can
bypass that by specifying the port yourself and then there
is no need to go through UDP 1434.
-Sue
On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
<User@.-NOSPAM-SqlJunkies.com> wrote:
>Hi,
>I am a novice to SQL Server. I work in the area of network security. In my study of
the SQL Slammer/Sapphire worm, I came across SQL Resolution Service which listens o
n UDP Port 1434. It seems that this service is used by clients to get the list of na
med
instances, to exchange keep-alive messages, and for opening a registry key (the slammer worm
cause). I would like to know what are its other uses and other acceptable commands by the s
ervice. After my futile search on MSDN I am posting a message here.
>Any pointers or links regarding this are more than welcome.
>Thanks in advance,
>Bhagya
>--
>Posted using Wimdows.net NntpNews Component -
>Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine supports P
ost Alerts, Ratings, and Searching.|||I am looking for what are the uses of the resolution service which
runs on UDP 1434 and what commands it takes. I want to look at how did
the slammer worm succeed in triggering the vulnerability. From my
search on the Internet it seems that a command can be sent that starts
with '0x04' followed by some string, which results in opening a
registry entry on the server. What is the purpose of this command? Is
it for creating new named intances? If so, why would you allow anybody
to create new named instance on the server without any authentication?
any thoughts or ideas?
Thanks,
Bhagya
Sue Hoegemeier <Sue_H@.nomail.please> wrote in message news:<tg4fg0tm3lodstc7d5cllmj6g5guhh21
pt@.4ax.com>...[vbcol=seagreen]
> SQL Resolution Service on UDP 1434 is only used to support
> multi-instances. It's not used with SQL Server 7 as that
> version doesn't support named instances. It's not used by
> the SQL Server instance or directly by clients to connect to
> SQL Server. It's just to enumerate the instances on a server
> and find the listening port for the specific instance.
> If you try to connect to YourServer\YourNamedInstance and
> that's what you specify for the connection, it hits UDP 1434
> to use the SQL Server Resolution Service to find what port
> number YourServer\YourNamedInstance is listening on. You can
> bypass that by specifying the port yourself and then there
> is no need to go through UDP 1434.
> -Sue
> On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
> <User@.-NOSPAM-SqlJunkies.com> wrote:
>
security. In my study of the SQL Slammer/Sapphire worm, I came across
SQL Resolution Service which listens on UDP Port 1434. It seems that
this service is used by clients to get the list of named instances, to
exchange keep-alive messages, and for opening a registry key (the
slammer worm cause). I would like to know what are its other uses and
other acceptable commands by the service. After my futile search on
MSDN I am posting a message here.[vbcol=seagreen]|||The internals of the Listener service are not available. Documentation on
the how the Listener service works with SQL
is included in SQL Books Online.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Monday, March 12, 2012
RDO Connection through VB
Hi,
I am using VB to connect to the database and I am using RDO (Remote Data Objects) for this connectivity.
For security reasons, I am using the userid and password retrieved from a different database to establish the connection to the production server. The password we retrieve is encrypted and the connection program decrypts that and connects.
All is fine so far. But after I connect to the database, in the VB project, in the debug mode, I can see the connection string by accessing the property RdoConnection.Connect.
Is there a way, by which, I could establish the rdoconnection and immediately after that, change the 'Connect' property of that to something else, so that it does not have the actual connection information?
Thanks in advance
RajI don't think so. When you change the connect property, I think you will lose the connection.
You could make the class that holds the RDO object private so that it is not remotely accessible. You should also make the RDO object private to the class, and provide write-only access to the connection string by creating a Let property with no Get property.
I am using VB to connect to the database and I am using RDO (Remote Data Objects) for this connectivity.
For security reasons, I am using the userid and password retrieved from a different database to establish the connection to the production server. The password we retrieve is encrypted and the connection program decrypts that and connects.
All is fine so far. But after I connect to the database, in the VB project, in the debug mode, I can see the connection string by accessing the property RdoConnection.Connect.
Is there a way, by which, I could establish the rdoconnection and immediately after that, change the 'Connect' property of that to something else, so that it does not have the actual connection information?
Thanks in advance
RajI don't think so. When you change the connect property, I think you will lose the connection.
You could make the class that holds the RDO object private so that it is not remotely accessible. You should also make the RDO object private to the class, and provide write-only access to the connection string by creating a Let property with no Get property.
Subscribe to:
Posts (Atom)