I've already prevented the user from seeing any database (deny view any database to [login]) and it works.
But how do I prevent the user from listing any other database using DB_NAME()?
Tags: metadata, security, sql server
Best Answer
DB_NAME does not work as advertised before SQL Server 2016 (where the behaviour of DB_ID is also changed). For details, see: Information disclosure with the db_name and db_id function (Connect bug report)
There is a similar situation with other metadata functions, including:
suser_name
suser_sname
suser_sid
user_id
database_principal_id
is_rolemember
is_srvrolemember
These issues remain unresolved (either by design, or by being 'fixed') as of the time this answer was written, as far as I know.
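A check an administrator can run on a test instance to see whether DB_NAME() returns names that sys.databases hides from a login with DENY VIEW ANY DATABASE. This is an added example, not part of the original question or answer; the login name metadata_probe and its password are placeholders.

```sql
-- Added example: run as a sysadmin on a test instance.
-- metadata_probe and its password are placeholders, not values from the page.
USE master;
CREATE LOGIN metadata_probe WITH PASSWORD = N'Replace-Me-With-A-Strong-Passw0rd!';
DENY VIEW ANY DATABASE TO metadata_probe;

-- Ground truth as seen by the administrator.
DECLARE @total  int = (SELECT COUNT(*)         FROM sys.databases);
DECLARE @max_id int = (SELECT MAX(database_id) FROM sys.databases);
DECLARE @via_catalog int, @via_db_name int;

EXECUTE AS LOGIN = N'metadata_probe';

    -- Catalog view: with VIEW ANY DATABASE denied, only master, tempdb and
    -- databases the login owns are listed.
    SELECT @via_catalog = COUNT(*) FROM sys.databases;

    -- Metadata function: count the ids for which DB_NAME() returns a name.
    -- The ids 1..1000 are generated inline so no extra permission is needed.
    WITH d(n) AS (
        SELECT n FROM (VALUES (0),(1),(2),(3),(4),(5),(6),(7),(8),(9)) AS v(n)
    ),
    ids(id) AS (
        SELECT a.n + 10 * b.n + 100 * c.n + 1
        FROM d AS a CROSS JOIN d AS b CROSS JOIN d AS c
    )
    SELECT @via_db_name = COUNT(*)
    FROM ids
    WHERE id <= @max_id
      AND DB_NAME(id) IS NOT NULL;

REVERT;

SELECT @total       AS databases_on_instance,
       @via_catalog AS visible_in_sys_databases,
       @via_db_name AS names_returned_by_db_name,
       CASE WHEN @via_db_name > @via_catalog
            THEN 'DB_NAME() returns names hidden from sys.databases'
            ELSE 'DB_NAME() is consistent with sys.databases'
       END          AS finding;

-- Clean up the throwaway login.
DROP LOGIN metadata_probe;
```

The script assumes no database_id above 1000; widen the generated range if the instance has more.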