jassinm
Reputation: 7509
db2 security issue
I tried this from a client:
connect to db from shell with a random user like this
db2 connect to remotenode
no user or using ...
then i m logged in and can do
db2 describe tables for schema xxx
I m not allowed to query any tables . thank god .
How can i prevent this? anyone can browse the tables
Upvotes: 0
Views: 133
Answers (2)
Ian Bjorhovde
Reputation: 11052
Have your DBA tighten security on the database. The most obvious method for this would be to revoke CONNECT privilege from public.
However, if you want to prevent even users who are authorized to connect to a database from seeing which tables exist in the database, the DBA would need to revoke SELECT privilege on some of the system catalog tables (i.e. tables in the SYSCAT and SYSIBM schemas).
Upvotes: 3
Related Questions
- Error while connecting to db2
- DB2 Connection Authorization Faliure Occured Reason: Security Mechanism not supported in Java
- Database error, Security processing failed with reason "24"
- cannot grant any permissions to db2 database
- prevent some user from seeing db2 tables structure
- Issue with DB2 database connection with uname/password
- DB2 - Read Priviliges cannot read
- Allowing a user to access a table in DB2
- DB2 Grant add,update,delete to user
- User authorization in DB2