SQL Server Passthrough Query changes password regardless of permissions

  • I have a SQL Server Express with 2 user logins. One is Dan, and has all Server roles. Another is Fred and has Guest roles for a database.

    When I do a backup using Dan, it works great. When I try to do a backup using Fred, it fails by design, i.e. it also works great.

    My problem is this... When I write an ADODB query in VB:

    ALTER LOGIN Dan WITH PASSWORD = 'NewPass' UNLOCK

    It will allow me to change any password, regardless of the username and password in the ADODB connectionstring.

    Obviously a giant security hole, but I'm not sure what I did wrong in SQL Server setup (installed yesterday).

    Questions/comments are appreciated, and thank you in advance for your time!

    Dan

  • Ok, I see I got the dreaded "Newbie" flag, so I decided to try a bit harder. Here's what I did:

    I disabled the Builtin/Administrator account's sysadmin role.

    The machine I was connecting from was an admin machine too, which was causing the SQL Server to authenticate me as a sysadmin regardless of my user name and pass. Is that right?
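
A check for the situation described in this thread, added here as an example and not part of either post: run it over the same ADODB connection that issued the ALTER LOGIN to see which principal the server actually authenticated and whether that session holds sysadmin. It assumes SQL Server 2005 or later (catalog views and DMVs); if the connection string requests Windows authentication, the user name and password in it are ignored.

```sql
-- 1. Run over the application's own connection (same connection string).
--    A non-empty nt_user_name means the session was authenticated with
--    Windows credentials, not with the SQL login named in the string.
SELECT
    s.original_login_name,
    s.login_name,
    s.nt_domain,
    s.nt_user_name,
    s.host_name,
    s.program_name,
    SUSER_SNAME()                                   AS effective_login,
    IS_SRVROLEMEMBER('sysadmin')                    AS is_sysadmin,
    HAS_PERMS_BY_NAME(NULL, NULL, 'ALTER ANY LOGIN') AS can_alter_any_login
FROM sys.dm_exec_sessions AS s
WHERE s.session_id = @@SPID;   -- a login can always see its own session row

-- 2. Run as an administrator (low-privileged logins see only a subset of
--    server principals). Lists every member of sysadmin, including Windows
--    groups such as the built-in Administrators group mentioned above.
SELECT
    m.name        AS member_name,
    m.type_desc   AS member_type,     -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 3. Run as an administrator. Shows server-level permissions granted
--    directly to the restricted login from the thread (Fred); ALTER ANY LOGIN
--    or CONTROL SERVER here would also explain a successful password change.
SELECT
    pr.name            AS login_name,
    pe.permission_name,
    pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'Fred';
```

If query 1 returns a Windows account in effective_login with is_sysadmin = 1, the password change succeeded through that account's role membership, not through Fred's permissions.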

     
