April 19, 2004 at 1:39 pm
Hello,
MMSQL7/SP2 and MSSQL2000/SP3
Any ideal why "guest" is added to the sysusers table each time a database is created? Is this a potential backdoor? Should this be removed?
Many thanks. Jeff
April 20, 2004 at 2:41 am
You'll probably need to delete guest from model to prevent this happening.
Yes it is a security issue.
I remove guest from every database that allows me to.
Cheers,
- Mark
April 20, 2004 at 7:18 am
Hi,
I don't see the user through Enterprise Manager, but I see an entry in the model sysusers table ... but I thought Microsoft frowns on updates to the system tables ie: deleting this record?
Many thanks. Jeff
April 20, 2004 at 2:29 pm
If you take a close look at the sysusers table, the hasdbaccess column actually determines if the guest account is active. The row for the guest account should be in sysusers. If guest is enabled, hasdbaccess will be equal to 1. If it's not enabled, hasdbaccess will equal 0.
K. Brian Kelley
@kbriankelley
April 21, 2004 at 7:35 am
Thanks Brian. Makes sense.
Many thanks. Jeff
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply