Sybase 12.4.2 User Manual

CHAPTER 2 Running Adaptive Server IQ


An integrated login mapping exists between the user dsmith and the database user ID DBA. When the user dsmith connects to the server with her correct login ID and password, she connects to the database as DBA, a user with full administrative rights.

But anyone else attempting to connect to the server as "dsmith" will
successfully log in to the server regardless of the password they provide
because Windows NT will default that connection attempt to the "Guest"
user profile. Having successfully logged in to the server using the "dsmith"
login ID, the unauthorized user successfully connects to the database as DBA using the integrated login mapping.

Note

Disable the “Guest” user profile for security. The safest integrated login
policy is to disable “Guest” on any Windows NT machine hosting an Adaptive
Server IQ database. This can be done using the Windows NT User Manager
utility.

Setting temporary public options for added security

Setting the value of the LOGIN_MODE option for a given database to Mixed or Integrated using the following SQL statement permanently enables integrated logins for that database.

SET OPTION Public.LOGIN_MODE = Mixed

If the database is shut down and restarted, the option value remains the same
and integrated logins are still enabled.

Changing the LOGIN_MODE option temporarily will still allow user access
via integrated logins. The following statement will change the option value
temporarily:

SET TEMPORARY OPTION "Public".LOGIN_MODE = Mixed

If the permanent option value is Standard, the database will revert to that value when it is shut down.

Setting temporary public options can be considered an additional security
measure for database access since enabling integrated logins means that the
database is relying on the security of the operating system on which it is
running. If the database is shut down and copied to another machine (such as a
user's machine), access to the database reverts to the Adaptive Server Anywhere
security model and not the security model of the operating system of the
machine where the database has been copied.
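
The following review script is an added example, not part of the original manual. It checks a database against the two risks described above: integrated logins left permanently enabled, and a Windows login such as dsmith mapped to DBA. The catalog names SYS.SYSOPTIONS, SYS.SYSLOGIN and SYS.SYSUSERPERMS and the REVOKE INTEGRATED LOGIN statement are assumed from the Adaptive Server Anywhere catalog; confirm them against your release.

```sql
-- 1. Permanent LOGIN_MODE value stored in the catalog. This is the value
--    the database reverts to when it is shut down and restarted.
--    (Assumption: options are exposed through the SYS.SYSOPTIONS view.)
SELECT user_name, "option", setting
  FROM SYS.SYSOPTIONS
 WHERE LOWER("option") = 'login_mode';

-- 2. Integrated login mappings that land on a user with DBA authority.
--    Each row is an operating-system login that becomes DBA without a
--    database password, so it is only as safe as the host's accounts
--    (including the "Guest" fallback described above).
--    (Assumption: SYS.SYSLOGIN holds the mappings, and SYS.SYSUSERPERMS
--    exposes a dbaauth flag of 'Y' or 'N'.)
SELECT l.integrated_login_id,
       u.user_name AS database_user
  FROM SYS.SYSLOGIN l
  JOIN SYS.SYSUSERPERMS u
    ON u.user_id = l.login_uid
 WHERE u.dbaauth = 'Y'
 ORDER BY l.integrated_login_id;

-- 3. Remove a mapping that should not exist. dsmith is the login used
--    in the manual's example.
REVOKE INTEGRATED LOGIN FROM dsmith;

-- 4. Keep the permanent value at Standard and enable integrated logins
--    only for the current run of the database on this host.
SET OPTION "Public".LOGIN_MODE = Standard;
SET TEMPORARY OPTION "Public".LOGIN_MODE = Mixed;

-- 5. Re-run query 1: the stored value should read Standard, so a copy of
--    the database file started on another machine does not accept
--    integrated logins.
SELECT user_name, "option", setting
  FROM SYS.SYSOPTIONS
 WHERE LOWER("option") = 'login_mode';
```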
