Getting Started with Adobe After Effects - Part 6: Motion Blur
Ask
Ask questions, discuss or help others by answering
Related Posts · View All
SQL Server 141
TSQL 75
SSRS 70
SSIS 66
XML 54

Top Categories · View All
SQL Server 141
TSQL 75
SSRS 70
SSIS 66
XML 54

Regarding Guest User In SQL Server Databases

Jun 9 2010 12:00AM by calyan   

Hi Team,

Everybody says "Guest" user should be disabled and it is a best practice. But  any one tell me why exactly we need to disable this account. What is the dis-advantages / vulnerabilities if I didn't disable that user.

I tried to query the database where guest user is enabled, but i didnot get any result from any object. Then what is the difference between enabling or disabling guest account.

 

Submitted under: Microsoft SQL Server · Security · Installation ·  · 

calyan
209 · 1% · 222

5 Replies

  • I think one disadvantage is that, when the guest user is added to the database, anyone having a valid login can access the given databases. This might be a security threat in some environments.

    commented on Jun 9 2010 10:07AM
    Jacob Sebastian
    1 · 100% · 32004

  • hello brother ... what is said is perfect any login can access the database when guest user is enabled on it, but we cannot query any single object in the database, then how it can be a security threat that is what i am thinking.

    commented on Jun 10 2010 12:35AM
    calyan
    209 · 1% · 222

  • Hi Calyan,

    Welcome to BeyondRelational and very interesting question.

    Let us start with simple example. One server has two database. Database A and Database B. User A has access to only Database A and User B has access to only Database B. When User A is logged in he can do all the necessary based on permission in Database A but is logged in Database B as Guest. In default condition, he can not do anything as SQL Server does not have any permission on guest login (which can be found under ServerInstance >> Databases>> System Databases >> master>> Security >> Users >> Guest).

    However, the feature is that if you modify the guest login and give any permission to that login (e.g. create, drop or anything which are applicable), automatically all the Guest logins (in our earlier case User A) will get those permissions.

    I think this sometime can create compromising situation and all the other admins can overlook it (if one person has modified permission). For the same reason, you need to disable it. I think this is what exactly Jacob is suggesting in earlier thread.

    Many thanks,

    commented on Jun 10 2010 6:26AM
    Pinal Dave
    146 · 1% · 326

  • really thanks for reply....... i am very much happy that becoz i am getting replies from SQL GURUS whom i like most.

     

    commented on Jun 10 2010 11:14AM
    calyan
    209 · 1% · 222

  • Jacob and Pinal has clearly explained this.

    Any database user requires map to a login. But the guest user, does not require mapping to any login. Hence it suggested to disable the login other than master and  tempdb databases.

    BOL SQL Server 2008: "By default, the database includes a guest user when a database is created. Permissions granted to the guest user are inherited by users who do not have a user account in the database."

    commented on Aug 1 2010 6:22AM
    Sivaprasad S - SIVA
    239 · 1% · 188

Your Reply
Sign Up or Login to post a comment.
    Copyright © Rivera Informatic Private Ltd Contact us      Privacy Policy      Terms of use      Report Abuse      Advertising      [ZULU1097]