Hi all, 

I have to 'turn off' a dbase in SQL server 7 (a client has moved and we want

to ensure they are not using old connection string and our dbase)

What i was going to do was remove the user they are using for the login in

the connection string..unfortunately this is the sa login and an owner of

objects and therefore not deleteable for this dbase.

I don't really want to delete the dbase only make it 'unavailable'

Any recommendations?

Could I rename the mdf file?

Thanks guys



Sam

you gave a client the sa login for your db???? oh my goodnes... what about

changing the pass of the sa login.. and say.. maybe dont just give that out

anymore.. i mean sa is like root...



daniel



--

-----------------------------

Daniel O'Dorisio

daniel@o...

www.odorisio-networks.com

-----------------------------

"Sam Clohesy" <sam@e...> wrote in message

news:121996@a..._databases...

>

> Hi all,

> I have to 'turn off' a dbase in SQL server 7 (a client has moved and we

want

> to ensure they are not using old connection string and our dbase)

> What i was going to do was remove the user they are using for the login in

> the connection string..unfortunately this is the sa login and an owner of

> objects and therefore not deleteable for this dbase.

> I don't really want to delete the dbase only make it 'unavailable'

> Any recommendations?

> Could I rename the mdf file?

> Thanks guys

>

> Sam

>

>

Hi Daneil could'nt agree with you more on this

I know before my time this was done. The problem being there are other sites

that run off the sa password which will all fall over if I change the

attributes of the sa login...Not a good situation I agree. 

May just have to delete the dbase..

Any alternative solutions much appreaciated



Thanks



Sam



Sam Clohesy

Project Manager

Tel: 0208 772 3958

E: samc@e...

W: http://www.etypemedia.co.uk





-----Original Message-----

From: Daniel O'Dorisio [mailto:daniel@o...]

Sent: 21 November 2001 16:52

To: ASP Databases

Subject: [asp_databases] Re: Turning off SQL server dbase





you gave a client the sa login for your db???? oh my goodnes... what about

changing the pass of the sa login.. and say.. maybe dont just give that out

anymore.. i mean sa is like root...



daniel



--

-----------------------------

Daniel O'Dorisio

daniel@o...

www.odorisio-networks.com

-----------------------------

"Sam Clohesy" <sam@e...> wrote in message

news:121996@a..._databases...

>

> Hi all,

> I have to 'turn off' a dbase in SQL server 7 (a client has moved and we

want

> to ensure they are not using old connection string and our dbase)

> What i was going to do was remove the user they are using for the login in

> the connection string..unfortunately this is the sa login and an owner of

> objects and therefore not deleteable for this dbase.

> I don't really want to delete the dbase only make it 'unavailable'

> Any recommendations?

> Could I rename the mdf file?

> Thanks guys

>

> Sam

>

>







 




$subst('Email.Unsub')

This message is in MIME format. Since your mail reader does not understand

this format, some or all of this message may not be legible.



------_=_NextPart_001_01C172E0.8989D77C

Content-Type: text/plain



I am guessing that the password in blank as well.... If so set a password

*immediately* and update all your sites. 



Create a new login for each database with a password.

Set up the new login to have only access to that one database.

Set up the permissions for each of the new logins. Suggested is

db_datareader and db_datawriter.

Grant them access to procs and views. I have a little script for this (which

I got from OJ, SQLServer mailing list)



DECLARE @Login VarChar(50)

SET @Login = '<login name>'



SELECT 'GRANT EXECUTE ON [' + name + '] TO [' + @Login + ']'

FROM sysobjects

WHERE type='p' AND type='v'



To use it go into QA. Connect to the database you want. Put on the login

name where it says <login name>. Run it. Copy the results into QA code

window. Execute it.



Then change the connections made by the websites to their new login and

password. Repeat for all databases.



Then create a login for you to use for administering the database (not sa,

but with the same rights) and give the sa login a *long* password.



Congratulations you have now taken a step towards securing you data.



As for removing the old database, make a backup, truncate the log then use

sp_detach_db (documentation in BOL) and delete/archive the mdf and ldf

files.



regards

David Cameron

nOw.b2b

dcameron@i...



-----Original Message-----

From: Sam Clohesy [mailto:sam@e...]

Sent: Thursday, 22 November 2001 3:11 AM

To: ASP Databases

Subject: [asp_databases] Re: Turning off SQL server dbase





Hi Daneil could'nt agree with you more on this

I know before my time this was done. The problem being there are other sites

that run off the sa password which will all fall over if I change the

attributes of the sa login...Not a good situation I agree. 

May just have to delete the dbase..

Any alternative solutions much appreaciated



Thanks



Sam



Sam Clohesy

Project Manager

Tel: 0208 772 3958

E: samc@e...

W: http://www.etypemedia.co.uk





-----Original Message-----

From: Daniel O'Dorisio [mailto:daniel@o...]

Sent: 21 November 2001 16:52

To: ASP Databases

Subject: [asp_databases] Re: Turning off SQL server dbase





you gave a client the sa login for your db???? oh my goodnes... what about

changing the pass of the sa login.. and say.. maybe dont just give that out

anymore.. i mean sa is like root...



daniel



--

-----------------------------

Daniel O'Dorisio

daniel@o...

www.odorisio-networks.com

-----------------------------

"Sam Clohesy" <sam@e...> wrote in message

news:121996@a..._databases...

>

> Hi all,

> I have to 'turn off' a dbase in SQL server 7 (a client has moved and we

want

> to ensure they are not using old connection string and our dbase)

> What i was going to do was remove the user they are using for the login in

> the connection string..unfortunately this is the sa login and an owner of

> objects and therefore not deleteable for this dbase.

> I don't really want to delete the dbase only make it 'unavailable'

> Any recommendations?

> Could I rename the mdf file?

> Thanks guys

>

> Sam

>

>







 




$subst('Email.Unsub')



 




$subst('Email.Unsub')

it dosnt matter.. if you delete the dbase and they have sa priviledges..

they can still go in and recreate it.. sure they may not have the data, but

how hard is it to get a backup remotely?? no problem..your first priority

regardless is to change the pass on sa, then give all your other clients

their own login and update all sites.. like david said.. that is the only

option.. you cant go on giving out the master key to everyone.. what about

your clients accessing the wrong data? deleting the wrong data? hmm... makes

you think...





daniel



--

-----------------------------

Daniel O'Dorisio

daniel@o...

www.odorisio-networks.com

-----------------------------

"Sam Clohesy" <sam@e...> wrote in message

news:122031@a..._databases...

>

> Hi Daneil could'nt agree with you more on this

> I know before my time this was done. The problem being there are other

sites

> that run off the sa password which will all fall over if I change the

> attributes of the sa login...Not a good situation I agree.

> May just have to delete the dbase..

> Any alternative solutions much appreaciated

>

> Thanks

>

> Sam

>

> Sam Clohesy

> Project Manager

> Tel: 0208 772 3958

> E: samc@e...

> W: http://www.etypemedia.co.uk

>

>

> -----Original Message-----

> From: Daniel O'Dorisio [mailto:daniel@o...]

> Sent: 21 November 2001 16:52

> To: ASP Databases

> Subject: [asp_databases] Re: Turning off SQL server dbase

>

>

> you gave a client the sa login for your db???? oh my goodnes... what about

> changing the pass of the sa login.. and say.. maybe dont just give that

out

> anymore.. i mean sa is like root...

>

> daniel

>

> --

> -----------------------------

> Daniel O'Dorisio

> daniel@o...

> www.odorisio-networks.com

> -----------------------------

> "Sam Clohesy" <sam@e...> wrote in message

> news:121996@a..._databases...

> >

> > Hi all,

> > I have to 'turn off' a dbase in SQL server 7 (a client has moved and we

> want

> > to ensure they are not using old connection string and our dbase)

> > What i was going to do was remove the user they are using for the login

in

> > the connection string..unfortunately this is the sa login and an owner

of

> > objects and therefore not deleteable for this dbase.

> > I don't really want to delete the dbase only make it 'unavailable'

> > Any recommendations?

> > Could I rename the mdf file?

> > Thanks guys

> >

> > Sam

> >

> >

>

>

>

>




> $subst('Email.Unsub')

>

>

I agree that just deleting the database is not the right answer.  The

problem here goes well beyond a former client being able to access their

database.  The true problem is that you have somebody that you don't want to

access your database server and that person has all the tools they need for

SA access.  You need to go through the headache of correcting the root

problem.  Assign a unique login to each client and modify the sites.



=================================

Kyle M. Burns, MCSD, MCT

ECommerce Technology Manager

Centra Credit Union

kburns@c...



 



-----Original Message-----

From: Daniel O'Dorisio [mailto:daniel@o...]

Sent: Wednesday, November 21, 2001 6:13 PM

To: ASP Databases

Subject: [asp_databases] Re: Turning off SQL server dbase





it dosnt matter.. if you delete the dbase and they have sa priviledges..

they can still go in and recreate it.. sure they may not have the data, but

how hard is it to get a backup remotely?? no problem..your first priority

regardless is to change the pass on sa, then give all your other clients

their own login and update all sites.. like david said.. that is the only

option.. you cant go on giving out the master key to everyone.. what about

your clients accessing the wrong data? deleting the wrong data? hmm... makes

you think...





daniel



--

-----------------------------

Daniel O'Dorisio

daniel@o...

www.odorisio-networks.com

-----------------------------

"Sam Clohesy" <sam@e...> wrote in message

news:122031@a..._databases...

>

> Hi Daneil could'nt agree with you more on this

> I know before my time this was done. The problem being there are other

sites

> that run off the sa password which will all fall over if I change the

> attributes of the sa login...Not a good situation I agree.

> May just have to delete the dbase..

> Any alternative solutions much appreaciated

>

> Thanks

>

> Sam

>

> Sam Clohesy

> Project Manager

> Tel: 0208 772 3958

> E: samc@e...

> W: http://www.etypemedia.co.uk

>

>

> -----Original Message-----

> From: Daniel O'Dorisio [mailto:daniel@o...]

> Sent: 21 November 2001 16:52

> To: ASP Databases

> Subject: [asp_databases] Re: Turning off SQL server dbase

>

>

> you gave a client the sa login for your db???? oh my goodnes... what about

> changing the pass of the sa login.. and say.. maybe dont just give that

out

> anymore.. i mean sa is like root...

>

> daniel

>

> --

> -----------------------------

> Daniel O'Dorisio

> daniel@o...

> www.odorisio-networks.com

> -----------------------------

> "Sam Clohesy" <sam@e...> wrote in message

> news:121996@a..._databases...

> >

> > Hi all,

> > I have to 'turn off' a dbase in SQL server 7 (a client has moved and we

> want

> > to ensure they are not using old connection string and our dbase)

> > What i was going to do was remove the user they are using for the login

in

> > the connection string..unfortunately this is the sa login and an owner

of

> > objects and therefore not deleteable for this dbase.

> > I don't really want to delete the dbase only make it 'unavailable'

> > Any recommendations?

> > Could I rename the mdf file?

> > Thanks guys

> >

> > Sam

> >

> >

>

>

>

>




> $subst('Email.Unsub')

>

>







 




$subst('Email.Unsub')

Thanks Kyle. this is what I have done.

Thanks guys



Sam Clohesy

Project Manager

Tel: 0208 772 3958

E: samc@e...

W: http://www.etypemedia.co.uk





-----Original Message-----

From: Kyle Burns [mailto:kburns@c...]

Sent: 23 November 2001 14:04

To: ASP Databases

Subject: [asp_databases] Re: Turning off SQL server dbase





I agree that just deleting the database is not the right answer.  The

problem here goes well beyond a former client being able to access their

database.  The true problem is that you have somebody that you don't want to

access your database server and that person has all the tools they need for

SA access.  You need to go through the headache of correcting the root

problem.  Assign a unique login to each client and modify the sites.



=================================

Kyle M. Burns, MCSD, MCT

ECommerce Technology Manager

Centra Credit Union

kburns@c...



 



-----Original Message-----

From: Daniel O'Dorisio [mailto:daniel@o...]

Sent: Wednesday, November 21, 2001 6:13 PM

To: ASP Databases

Subject: [asp_databases] Re: Turning off SQL server dbase





it dosnt matter.. if you delete the dbase and they have sa priviledges..

they can still go in and recreate it.. sure they may not have the data, but

how hard is it to get a backup remotely?? no problem..your first priority

regardless is to change the pass on sa, then give all your other clients

their own login and update all sites.. like david said.. that is the only

option.. you cant go on giving out the master key to everyone.. what about

your clients accessing the wrong data? deleting the wrong data? hmm... makes

you think...





daniel



--

-----------------------------

Daniel O'Dorisio

daniel@o...

www.odorisio-networks.com

-----------------------------

"Sam Clohesy" <sam@e...> wrote in message

news:122031@a..._databases...

>

> Hi Daneil could'nt agree with you more on this

> I know before my time this was done. The problem being there are other

sites

> that run off the sa password which will all fall over if I change the

> attributes of the sa login...Not a good situation I agree.

> May just have to delete the dbase..

> Any alternative solutions much appreaciated

>

> Thanks

>

> Sam

>

> Sam Clohesy

> Project Manager

> Tel: 0208 772 3958

> E: samc@e...

> W: http://www.etypemedia.co.uk

>

>

> -----Original Message-----

> From: Daniel O'Dorisio [mailto:daniel@o...]

> Sent: 21 November 2001 16:52

> To: ASP Databases

> Subject: [asp_databases] Re: Turning off SQL server dbase

>

>

> you gave a client the sa login for your db???? oh my goodnes... what about

> changing the pass of the sa login.. and say.. maybe dont just give that

out

> anymore.. i mean sa is like root...

>

> daniel

>

> --

> -----------------------------

> Daniel O'Dorisio

> daniel@o...

> www.odorisio-networks.com

> -----------------------------

> "Sam Clohesy" <sam@e...> wrote in message

> news:121996@a..._databases...

> >

> > Hi all,

> > I have to 'turn off' a dbase in SQL server 7 (a client has moved and we

> want

> > to ensure they are not using old connection string and our dbase)

> > What i was going to do was remove the user they are using for the login

in

> > the connection string..unfortunately this is the sa login and an owner

of

> > objects and therefore not deleteable for this dbase.

> > I don't really want to delete the dbase only make it 'unavailable'

> > Any recommendations?

> > Could I rename the mdf file?

> > Thanks guys

> >

> > Sam

> >

> >

>

>

>

>




> $subst('Email.Unsub')

>

>







 




$subst('Email.Unsub')



 




$subst('Email.Unsub')