Security bug in SQL Server

Post by Barry Faasse » Wed, 29 Apr 1998 04:00:00



After experimenting with SQL Server, IIS40 and ASP I noticed that the
security has been gone in SQL Server. The strange thing was that when I
wanted to open a database with ADO, ASP and IIS with anonymous user
(IUSR_compuname) logins on it would not work, but when I removed the
anonymous user I could log on to the SQL Server as System Admin even with a
name not used in SQL server WinNT.

I don't know how this could happen, but it happened twice ....

 
 
 

Post by Hunt Brigh » Mon, 11 May 1998 04:00:00


First, are you using integrated security?
Second, are you testing on local intranet via LAN?

If the answers are yes, the result you got might
be expected. SQL Server does offer Trusted Connection.
However, the username you use should belong to
the Administrator group.

Not quite clear about this:

> "even with a name not used in SQL server WinNT."

You may need to offer more detail.

Hunt Bright



> After experimenting with SQL Server, IIS40 and ASP I noticed that the
> security has been gone in SQL Server. The strange thing was that when I
> wanted to open a database with ADO, ASP and IIS with anonymous user
> (IUSR_compuname) logins on it would not work, but when I removed the
> anonymous user I could log on to the SQL Server as System Admin even with a
> name not used in SQL server WinNT.

> I don't know how this could happen, but it happened twice ....


 
 
 

1. Remote server login security bug?

I have a problem calling a local stored procedure from a remote server. The
call is executed by an NT-account ('WATER\Dbrun'), that is an administrator
on both servers belonging to the domain '\\WET\'. The login is mapped to the
'same name' on the local server without any password check.

When the call is issued, SQL Server 7 answers:

"Login failed for user 'WATER\Dbrun'. Reason: Not associated with a trusted
SQL Server connection. [SQLSTATE 42000] (Error 18452).  The step failed."

Now you wonder why I don't use a linked server instead, since I have SQL
Server 7? I tried it but I was not allowed to create a linked server
'SERVERB' on the remote server, because there was already a remote one with
that same name. And I could not delete it, because SERVERB is a subscriber
to a SERVERA publication.

But the main question remains:
Why does the remote login fail???

I would be very grateful if somebody out there knew the answer.

Regards,
    Fredrik M?ller, Frontyard Systems
