"Annonymous Coward" <me@home.com> wrote in message
news:j4******************************@bt.com...
>I recently downloaded and installed SQLServer Express. I am considering using
>it as the backend db for my app (i.e. moving from the current PostgreSQL).
>I run sqlcmd without specifying any username or pwd, and I was surprised
>that I had access to the 'server', and could create and drop databases
>(admittedly I dropped only the dbs I created). This appears to be a *HUGE*
>security flaw - unless (I hope), I have missed something.
Umm, not really. This is by design. Especially if you have any sort of
admin capabilities on your box.
BTW, based on this and your other post, I would highly recommend you pick up
a book (check out Microsoft Press) on SQL Server 2005 security. There's far
too much to learn than you can adequately learn in a newsgroup like this.
Simply put, done correctly SQL Server 2005 is pretty much as secure as
anything else out there.
>Also, does anyone know where I can get help at the command line, so I can
>interrogate the server (e.g. viewing list of available dbs, tables in a
>db, db/view schema etc).
>Last but not the least, is there a frontend for SSE?
Yes. I don't have the URL off-hand though.
--
Greg Moore
SQL Server DBA Consulting Remote and Onsite available!
Email: sql (at) greenms.com
http://www.greenms.com/sqlserver.html