"Annonymous Coward" <me@[EMAIL PROTECTED]
> wrote in message
news:j46dna4uNN2e0f_VnZ2dnUVZ8sjinZ2d@[EMAIL PROTECTED]
>I recently downloaded and install SQLServer Express. I am considering
using
>it as the backend db for my app (i.e. moving from the current
PostgreSQL).
>
> I run sqlcmd without specifying any username or pwd, and I was suprised
> that I had access to the 'server', and could create and drop databses
> (admittedly I dropped only the dbs I created). This appears to be a
*HUGE*
> security flaw - unless (I hope), I have missed something.
>
Umm, not really. This is by design. Especially if you have any sorts of
admin capabilities on your box.
BTW, based on this and your other post, I would highly recommend you pick
up
a book (check out Microsoft Press) on SQL Server 2005 security. There's
far
to much to learn than you can adequately learn in a newsgroup like this.
Simply put, done correctly SQL Server 2005 is pretty much as secure as
anything else out ther.e
> Also, does anyone know where I can get help at the command line, so I
can
> interrogate the server (e.g. viewing list of available dbs, tables in a
> db, db/view schema etc).
>
> Last but not the least, is there a frontend for SSE?
Yes. I don't have the URL off-hand thouhg.
--
Greg Moore
SQL Server DBA Consulting Remote and Onsite available!
Email: sql (at) greenms.com
http://www.greenms.com/sqlserver.html
|
