The Planet Forums > SQL Server: Balancing Security vs Functionality

Full Version: SQL Server: Balancing Security vs Functionality

The Planet Forums > Security > General Security > Windows Security

Kyle

Feb 15 2005, 12:54 PM

I'm pretty competent when it comes to SQL Server, but I'm not going to kid myself. I'm not a guru. So, I'm hoping there's somebody out there that is and has a better solution for this kind of thing.

I'm a shared web hosting provider and I just received our acceptance letter from Microsoft for the SPLA program. So, now we're authorized to resell SQL Server space. I just have to order the media and install the VL version over the top of the trial copy we've been running. However, I was messing around with things last night and noticed a problem. It seems that when you lock down the master db (and msdb in some cases) a lot of the remote management tools stop working. Particularly, if you remove public permissions from the sysdatabases table in the master db, ASP.NET Enterprise Manager starts thinking the login has failed and the Microsoft web-based SQL Manager produces an error after you log in. I've also noticed that Enterprise manager will no longer produce a list of databases when you do this. Now, when I restore public permissions to sysdatabases, every login can see every database, however when trying to access others' databases, it says "blah is not a valid user for database blah." So, it's somewhat secure and all the remote management tools start working (to some degree), but it's somewhat like having list permissions enabled on your root domains directory for all web users. It makes me uneasy. Luckily, restricting access to sysxlogins seems to disable public listing of all logins with no ill side-effects.

So, I guess my question is "How do other shared hosting providers that offer SQL Server cope with this situation?" From what I've heard TP allows you to access their shared SQL Server space with Enterprise Manager, however it has to be done from within their network. So, you'd have to install it on your server. Though, when you do that, can you still see everybody elses databases? I'm almost convinced that Enterprise Manager relies on lax permissions like that. I use Helm as a control panel, so I can't very well setup any kind of grand custom permission scheme. When it creates a user, it just assigns them as dbo for the db they're created under. Is there some way I can adjust the permissions of the tables, views, stored procedures, etc in the master database so that it's secure as possible while still retaining a considerable amount of functionality? Also, what's the best way to provide remote database access while remaining secure?

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.