This is not a security hole at crystatech, it is simply how enterprise
manager/sql server works.
It does not restrict you from viewing other databases, but you cannot do
anything with them if your user does not have access.

There is a modification you can make to the master database SP's to change
this behaviour, but CT obviously don't know about that, and it has been
known to cause other issues if you do it anyway.

--
Snake
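An added T-SQL check, not from either poster, that a DBA can run to confirm the behaviour Snake describes: a login with a user mapped into only its own database can still list every database on the server, but opening another one fails with error 916, and the per-database guest user is what decides whether a login without a mapping can get in at all. It assumes SQL Server 2000-era system objects (sysdatabases, sysusers.hasdbaccess, sp_addlogin, sp_grantdbaccess, sp_revokedbaccess) and constructed names: the login 'client_a' and the databases 'ClientA_DB' and 'ClientB_DB'.

```sql
-- Added example, not part of the original thread. Names below are constructed.
-- Part 1: run as sysadmin. Create a login and map it into ClientA_DB only.
EXEC sp_addlogin @loginame = 'client_a', @passwd = 'PLACEHOLDER_PASSWORD';
USE ClientA_DB;
EXEC sp_grantdbaccess @loginame = 'client_a';
EXEC sp_addrolemember @rolename = 'db_owner', @membername = 'client_a';

-- Part 2: run while connected as client_a.
-- Every database on the server is listed (this is what Enterprise Manager shows),
-- but HAS_DBACCESS tells you which ones the login can actually open.
SELECT name,
       HAS_DBACCESS(name) AS can_open   -- 1 = login has a user (or guest) in that db, 0 = visible only
FROM master.dbo.sysdatabases
ORDER BY name;
-- Expected for the constructed setup: ClientA_DB can_open = 1, ClientB_DB can_open = 0.

-- Trying to open a database with no mapped user is refused with the error Matt saw:
-- Msg 916: Server user 'client_a' is not a valid user in database 'ClientB_DB'.
USE ClientB_DB;

-- Part 3: run as sysadmin in each tenant database.
-- If guest is enabled, ANY login can open the database, so HAS_DBACCESS returns 1
-- and the tables and stored procedures become browsable. Check and revoke it.
USE ClientB_DB;
SELECT name, hasdbaccess
FROM sysusers
WHERE name = 'guest';                   -- hasdbaccess = 1 means guest is enabled
EXEC sp_revokedbaccess @name_in_db = 'guest';
```

Seeing the database names and, with guest disabled, nothing inside them is the normal SQL Server behaviour; seeing another customer's table structure or stored procedure text means the login has a user in that database, usually guest. The guest check in Part 3 is the piece worth scripting across all databases on a shared server.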

-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED] 
Sent: 08 May 2006 17:58
To: CF-Talk
Subject: Big SQL security hole at Crystaltech?

After signing onto a new client's SQL Server account, first on one dedicated
server and then another, I found I could not only see several other
databases belonging to other customers... I could click on the Tables tab
and see all of their tables.  Taking it a step further, I could double-click
on a table and pull up its table structure.  All of this is in SQL
Enterprise Manager.  They have two separate accounts and I could see eight
other databases that didn't belong to my client on one server and 9 on the
other.

I could not modify the tables or view the data (I didn't even try to Drop, of
course).

Poking around a little more, I found I could view all of another db's stored
procedures!

This prompted me to load up a second customer of mine, who also has a SQL
account at Crystaltech.  Same freaking story!

Before I completely blow a gasket I wanted to confirm this is as big of a
screwup as I think it is.  There is an easy fix for this right?  I fired up
another client and, while I can see other existing db's, if I try and click
on anything I get a refusal (error 916: not an authorized user).

Anyone else with a Crystaltech account... Can you chime in here?  Do you see
the same things I do?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239834
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
