Hello everyone,
I have a client application (Windows app) that logs into a database
via an SQL account. As part of the nature of the application, the
initial login screen of the application has the following fields:
database name: (text field)
sql username: (text field)
sql password: (text field)
database: (drop down)
Filling up the information required on the first 3 fields is
straightforward, but when the drop down is selected to supposedly
choose which database to work on, ocassionally an error comes up
saying that the SQL username does not have access to a particular
database, say DATA1. This happens about 3 in 10 "dropdown selection"
attempts, and will just fix itself after a while or after several
attempts.
The particular SQL login indeed does not have any access to DATA1 (our
example) but based on the data captured in the Profiler, the Windows
application should not have "seen" the DATA1 database. This was the
query as captured:
select db_name()
select name from master..sysdatabases where has_dbaccess(name)=1
Running the above in QA will only list the databases that the
particular SQL account has access to (and the current database), and
does not include DATA1. The above query is executed whenever the drop
down is selected and there are no other queries being made.
Any ideas on this one? I acknowledge that there could be a bug on the
application where it is trying to access the other databases that it
does not have access to...but my question is, how was the application
able to know or enumerate the other databases that the account does
not have access to based on the queries above? (The account can still
do a query to master.dbo.sysdatabases, but such a query has never been
captured.)
Thanks.
AramidCan you verify using Prilfer events like (Audit Login, Audit Logout and
ExistingConnection) to make sure the application is indeed making the
connections as you would expect?
--
HTH,
Vyas, MVP (SQL Server)
SQL Server Articles and Code Samples @. http://vyaskn.tripod.com/
"aramid" <aramid@.hotmail.com> wrote in message
news:2bt371hd68ut7iis3ltm3u2cjbvokcqb3i@.
4ax.com...
Hello everyone,
I have a client application (Windows app) that logs into a database
via an SQL account. As part of the nature of the application, the
initial login screen of the application has the following fields:
database name: (text field)
sql username: (text field)
sql password: (text field)
database: (drop down)
Filling up the information required on the first 3 fields is
straightforward, but when the drop down is selected to supposedly
choose which database to work on, ocassionally an error comes up
saying that the SQL username does not have access to a particular
database, say DATA1. This happens about 3 in 10 "dropdown selection"
attempts, and will just fix itself after a while or after several
attempts.
The particular SQL login indeed does not have any access to DATA1 (our
example) but based on the data captured in the Profiler, the Windows
application should not have "seen" the DATA1 database. This was the
query as captured:
select db_name()
select name from master..sysdatabases where has_dbaccess(name)=1
Running the above in QA will only list the databases that the
particular SQL account has access to (and the current database), and
does not include DATA1. The above query is executed whenever the drop
down is selected and there are no other queries being made.
Any ideas on this one? I acknowledge that there could be a bug on the
application where it is trying to access the other databases that it
does not have access to...but my question is, how was the application
able to know or enumerate the other databases that the account does
not have access to based on the queries above? (The account can still
do a query to master.dbo.sysdatabases, but such a query has never been
captured.)
Thanks.
Aramid
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment