Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 10.0.1 » SQL Anywhere Server - Database Administration » Connecting to a Database » Using integrated logins

Creating a default integrated login user Next Page

Security concerns: Unrestricted database access

The integrated login feature works using the login control system of Windows in place of the SQL Anywhere security system to connect to a database without providing a user ID or password. Essentially, the user passes through the database security if they can log in to the computer hosting the database.

If the user successfully logs in to the Windows server as dsmith, they can connect to the database without further proof of identification provided there is either an integrated login mapping or a default integrated login user ID.

When using integrated logins, database administrators should give special consideration to the way Windows enforces login security in order to prevent unwanted access to the database.


Leaving the user profile Guest enabled can permit unrestricted access to a database that is hosted by that server.

If the Guest user profile is enabled and has a blank password, any attempt to log in to the server will be successful. It is not required that a user profile exist on the server, or that the login ID provided has domain login permissions. Literally any user can log in to the server using any login ID and any password: they are logged in by default to the Guest user profile.

This has important implications for connecting to a database with the integrated login feature enabled.

Consider the following scenario, which assumes the Windows server hosting a database has a Guest user profile that is enabled with a blank password.

Disable the Guest user profile for security

The safest integrated login policy is to disable the Guest user profile on any Windows computer hosting a SQL Anywhere database. This can be done using the Windows User Manager utility.