search

FuseCP / SolidCP

Multi Server Control Panel for Windows based on C#
https://solidcp.com
Other
84 stars 73 forks source link

MSSQL Databases should be created as Contained #68

Open AaronSadlerUK opened 3 years ago

AaronSadlerUK commented 3 years ago

MSSQL databases should be created as contained databases in SQL 2014 or later.

This will stop users being able to see / attempting to access databases which they do not have permission for:

https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver15

--- Want to back this issue? **[Post a bounty on it!](https://app.bountysource.com/issues/98194763-mssql-databases-should-be-created-as-contained?utm_campaign=plugin&utm_content=tracker%2F150994120&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://app.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F150994120&utm_medium=issues&utm_source=github).
AaronSadlerUK commented 3 years ago

I couldn't figure out how to get SolidCP running in debug to work on this.

However the TSQL required to make this happen is below, so it should be a real simple thing to implement:


GO
CREATE DATABASE [DemoContainedDB]
CONTAINMENT = PARTIAL
ON PRIMARY 
( 
NAME = N'DemoContainedDB', 
FILENAME = N'E:\MSSQL15.MSSQLSERVER\MSSQL\DATA\DemoContainedDB.mdf' , 
SIZE = 3072KB , 
FILEGROWTH = 1024KB 
)
LOG ON 
( 
NAME = N'DemoContainedDB_log', 
FILENAME = N'E:\MSSQL15.MSSQLSERVER\MSSQL\DATA\DemoContainedDB_log.ldf' , 
SIZE = 1024KB , 
FILEGROWTH = 10%
)

USE [DemoContainedDB]
GO
CREATE USER [ContainedDBUser] WITH PASSWORD=N'Contained$DBUser@5', 
 DEFAULT_LANGUAGE=[English], 
 DEFAULT_SCHEMA=[dbo]
GO
AaronSadlerUK commented 3 years ago

@FuseCP-TRobinson @FuseCP-MTiggelaar

How do I get SolidCP running in debug to build this?

If not, if I place a bounty on this... What is the chances it will get built?

FuseCP-TRobinson commented 3 years ago

Hi @AaronSadlerUK

I might be best to join the dev chat at https://gitter.im/FuseCP/SolidCP so we can talk you through the issues with your dev environment.

I do think this most likely needs to be its own provider type rather than trying to modify the current providers and causing issues with current databases.

Regards,

Trevor

AaronSadlerUK commented 3 years ago

Great, sounds good.

I would rather keep this within SolidCP if possible, otherwise I'll build it into an external service, but as I also want to build a Cloudflare module, getting it all running would be beneficial 😁