Preventing admin access via SQL

Posted by Admin on 08-Feb-2010 08:22

We are piloting SQL access to a of Progress databases that does not have authentication enabled.

We followed the instructions here:

http://progress.atgnow.com/esprogress/documentDisplay.do?clusterName=CombinedCluster&preview=1&groupId=2&page=https://progress.atgnow.com/esprogress/docs/Solutions/Progress/ESERVER_P5661.xhtml&docType=1006&resultType=5002&docProp=$solution_id&docPropValue=20143

According to that entry, without authentication enabled on the Progress database, any SQL client unauthenticated (using any random text as the password).

This includes the admin user. Thus, any client can gain DBA privileges if they know or guess the admin user id.

Is there a way to prevent this without enabling authentication on the entire Progress database?

In other words, is there a way to prevent DBA level access via SQL? (since authentication is not enabled)

One thought we had was to disable DBA access to all SQL users.  However, via SQL it is impossible to revoke privileges from the user through which you are connected.  Thus, via a SQL connection it is impossible to revoke DBA from the final user.  Perhaps there is a way to access the sysprogress.sysdbauth from Progress?

Thoughts?

All Replies

This thread is closed