> We've had this conversation on this list before, and yes what > you saw is true. If I remember right, it's a weakness of SQL > Server, not CrystalTech. Well, except for the fact that > Crystaltech allows remote connections using EM (a lot of > hosts don't allow this). I also think someone posted a > method to turn this off, but I think it's at the client level > not the server. So security wise, that's useless. "Excuse > me, Mr. hacker. Would you mind turning off the 'List all > servers' option?"
I don't think this is entirely correct. You should be able to see a list of other databases by default, but you should not be able to see objects within those databases. This would require that their DBA revoke the "public" group role throughout the server, if I recall correctly. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239828 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54