How do you configure a MS SQL Server to prevent exposing all database names and logins to any authenticated user?
Solution 1
Speaking from the development side, I can say that the admin should be able to lock everyone down to their own database (and probably master as well, for metadata). From the MSDN, the list of SQL Server securables includes databases and the permissions include being able to even see the database. Here is a link to the MSDN Security considerations for databases.
Solution 2
Management Studio gets the list of databases from sys.databases. The default permissions on sys.databases is for each login to see only it's own database:
If the caller of sys.databases is not the owner of the database and the database is not master or tempdb, the minimum permissions required to see the corresponding row are ALTER ANY DATABASE or VIEW ANY DATABASE server-level permission, or CREATE DATABASE permission in the master database. The database to which the caller is connected can always be viewed in sys.databases.
If you have logins that see databases other that their own, it implies said logins have unnecessary privileges, like CREATE DATABASE.
Related videos on Youtube
44 : 45
10 : 54
05 : 51
21 : 01
02 : 55
Admin
Updated on September 17, 2022Comments
-
Admin almost 2 years
I'm new to MS SQL and asking this question as a web developer with limited sysadmin experience who desires his service providers to use best practices.
We have one database on a remote MS SQL server provided by our hosting company. Other clients of our hosting company use this same server for their databases. When I log in to the server using Microsoft SQL Server Management Studio Express, I can see a whole lot of information, including the names of all of the databases on the server and all of the logins.
While I can't access other clients' databases nor see passwords, it seems strange to me that I would even be able to see this information. I certainly don't want other clients to know the name of my database or my login. When I brought up this concern with my service provider, this was his reply:
I checked with my SQL guy and he said that unfortunately is a limitation of MSSQL Server. Although the database names are visible, you cannot access any database without the password for that database.
This is what I see after logging in:
- mssql.server.com
- Databases
- System Databases
- A whole bunch of client databases...
- Security
- Logins
- A whole bunch of client logins...
- Server Objects
- Replication
- Management
- Databases
Is this the right way to set up an SQL Server? Please confirm or deny my suspicion that the answer is no and I need to find someone else to host our database.
- mssql.server.com
-
Admin about 4 yearsThere are so many mistakes in this thread including the answer which was selected. This is actually the only good answer. All LOGINs belongs to a server role named "public", and USERs inherit the permissions granted to public rule. If you want to grant or revoke permissions to all new logins then you can edit the permissions of the public rule. For the current task you can do it using the SSMS GUI: open SQL Server Management Studio, right click the server and click "Properties". Click on "Permissions" and then select the "Public" role and remove "Grant" from "View Any Database".