Logins default to Master DB Dangerous?

  • I am taking over administration of a database set up by a vendor and all of the user logins use default database Master.  Under the Database Access tab they only have the application databases (2) checked.  Is it dangerous to have them defaulting to Master?  Is this OK since they are limited by the DB Access tab?

  • While I don't think it's a big deal, it is a possible security risk. Just one more attack vector that is open. You might want to be sure that their permissions are limited in master. That being said, it shouldn't affect anything to default them to an app database.

  • I've tried to enforce the approach where the user default DB is **not** the master database and I've got a few troubles, namely when deleting the mentioned databases (even if the user got access to other databases).

    Now I just set tempdb as default database, even for myself, as it happened to me before to run scripts in the master database without even noticing...

  • TempDB is a good one because you know it needs to be there. I generally only configure a user db as the default db if the user account will only be used to access that db. For instance, if we have to use a SQL Server login or a Windows service account for a particular application then I'll consider it.

    Keep in mind all users have rights to both master and tempdb through the guest user (and this is required in SQL Server 2000). Therefore, even if you move them out of master, they still potentially have access to it. This is also true of msdb, but you can revoke access to the guest user in msdb.

    K. Brian Kelley
    @kbriankelley

  • As long as the users have no potentially destructive rights in the Master database how could Master as the default cause a problem? I just tried to open a table in the Master database and as expected got an error message.

    Using the ODBC DSN to point to the correct database is a lot more flexible than using the default database. Even if every user has access to only one database today, what are the odds that this will still be true in six months?

  • It will depend mostly on which permissions are assigned to the public role.
    You should check Brian's article

    http://qa.sqlservercentral.com/articles/articlesexternal.asp?articleid=1258
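    The checks the two posts above describe, as an added example that is not from the thread or from Brian's article: find logins that still default to master, move one to tempdb, then look at what master hands every login through public and whether guest can still connect to msdb. It assumes SQL Server 2005 or later (catalog views rather than the SQL Server 2000 system tables) and uses `app_login` as a placeholder login name.

```sql
-- Added example, not from the thread. Assumes SQL Server 2005 or later
-- (catalog views instead of the SQL 2000 system tables). Run as a sysadmin.

-- 1. Logins that still default to master (the situation in the question).
SELECT sp.name AS login_name,
       sp.type_desc,
       sp.default_database_name
FROM sys.server_principals AS sp
WHERE sp.type IN ('S', 'U', 'G')        -- SQL login, Windows login, Windows group
  AND sp.is_disabled = 0
  AND sp.name NOT LIKE N'##%'           -- skip the certificate-based system logins
  AND sp.default_database_name = N'master'
ORDER BY sp.name;

-- 2. Move a login to tempdb, as suggested above. 'app_login' is a placeholder.
--    tempdb always exists, so the login is never left without a valid default
--    database when an application database is dropped or restored.
ALTER LOGIN [app_login] WITH DEFAULT_DATABASE = tempdb;

-- 3. What every login inherits in master through the public role.
USE master;
SELECT dp.class_desc,
       CASE WHEN dp.class = 1            -- OBJECT_OR_COLUMN
            THEN OBJECT_SCHEMA_NAME(dp.major_id) + N'.' + OBJECT_NAME(dp.major_id)
            ELSE N'(' + dp.class_desc + N')'
       END AS securable,
       dp.permission_name,
       dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals  AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE pr.name = N'public'
  AND dp.state IN ('G', 'W')            -- GRANT / GRANT WITH GRANT OPTION
ORDER BY dp.class_desc, securable;

-- 4. Whether guest can still connect to msdb. master and tempdb always allow it;
--    for msdb, a GRANT row here means guest access has not been revoked.
USE msdb;
SELECT dp.permission_name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals  AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE pr.name = N'guest'
  AND dp.permission_name = N'CONNECT';
```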

  • My 2 cts...

    I tend to leave the logins defaulted to the master database because I have had SQL Server upgrades to choke when it found users defaulted anywhere else.

    Jon

  • I default them to master db as well. Saves a lot of problems if you do a restore and the dbid changes. It's also just easier to admin. Apps should specify the damn db!
