Re: SQL Spider question
From: Chip Andrews (chipandrews@usa.net)
Date: 05/22/02
- In reply to: Gu1tarb0y@aol.com: "SQL Spider question"
From: "Chip Andrews" <chipandrews@usa.net>
To: <Gu1tarb0y@aol.com>, <focus-ms@securityfocus.com>
Date: Wed, 22 May 2002 15:04:13 -0400
> Name Type Default Database User
>
> cadb Standard master dbo
> sa Standard master dbo
> tng Standard TNGDB tng
> tngsa Standard TNGB dbo
>
cadb, tng, and tngsa are accounts created by Unicenter. You can see that
two out of three of them are db_owners and the cadb account is likely a
sysadmin, so be careful and make sure those accounts are locked down as well.
> If I was to guess that one of these was the admin account, I'd guess sa.
> Let's say I find the account and want to add a password, what processes
> will this affect? As in.... do I need to go and add this info to start up
> parms on services or re-establish a process to use this account AND its new
> password?
Windows services do not use SQL Server accounts as service accounts - they
use Windows accounts. If any applications you run on that machine are using
the 'sa' account for database access and you change the password then the
applications will likely fail. However, it should be stated that if you are
using the 'sa' account for runtime database access then you're sitting on a
time bomb anyways. Create a low-priv SQL account and give only the
necessary permissions. With a third-party product like Unicenter you can
probably refer to CA's support site to see if they have instructions for
hardening the installation.
Chip Andrews
www.sqlsecurity.com
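
The advice in the reply above, sketched as T-SQL. This is an added example and not part of the original post: it audits which SQL logins are sysadmins or database owners, then creates a low-privilege runtime account. It assumes SQL Server 2005 or later syntax; `AppDb`, `app_runtime`, `dbo.Orders` and `dbo.Customers` are hypothetical names and the passwords are placeholders.

```sql
-- Added example. AppDb, app_runtime, dbo.Orders and dbo.Customers are
-- hypothetical; catalog views and CREATE LOGIN assume SQL Server 2005+.

-- 1. SQL-authenticated logins that are members of the sysadmin server role.
SELECT sp.name, sp.is_disabled, sp.default_database_name
FROM sys.server_principals AS sp
JOIN sys.server_role_members AS srm
     ON srm.member_principal_id = sp.principal_id
JOIN sys.server_principals AS r
     ON r.principal_id = srm.role_principal_id
WHERE r.name = N'sysadmin'
  AND sp.type = 'S';          -- 'S' = SQL login ("Standard" in the listing)

-- 2. Which login owns each database (the login that maps to dbo).
SELECT name AS database_name, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases;

-- 3. Explicit db_owner role members inside the application database.
USE AppDb;
SELECT m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = drm.member_principal_id
WHERE r.name = N'db_owner';

-- 4. Runtime login with no server roles and only the grants the
--    application needs (the table list here is an assumption).
USE master;
CREATE LOGIN app_runtime
    WITH PASSWORD = N'<generated-secret-placeholder>',
         DEFAULT_DATABASE = AppDb,
         CHECK_POLICY = ON;

USE AppDb;
CREATE USER app_runtime FOR LOGIN app_runtime;
GRANT SELECT, INSERT, UPDATE ON dbo.Orders TO app_runtime;
GRANT SELECT ON dbo.Customers TO app_runtime;

-- 5. After every application connection string uses app_runtime,
--    give sa a strong password; nothing at runtime should depend on it.
ALTER LOGIN sa WITH PASSWORD = N'<generated-secret-placeholder>';
```

Run steps 1 to 3 first and record the results, so that any application still connecting as `sa` or as a database owner is identified before the password change in step 5.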