NT AUTHORITY\NETWORK SERVICE -- Dangerous?

From: Mek (Mek_at_discussions.microsoft.com)
Date: 05/30/05

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: SAML"
    Date: Mon, 30 May 2005 08:50:04 -0700
    
    

    I am not entirely sure how this Windows user ID is used, but I have a
    security question about it. If I give the NETWORK SERVICE account read/write
    permissions on my SQL Server (so that I can use Windows authentication for my
    web app), do I incur a security risk? In other words, is it possible to log
    in using the NETWORK SERVICE account from outside my firewall, or is that
    account only available to code running on the server? Or do some other
    criteria govern this login? Basically, I want to know if anyone else can log
    in with that ID, and who that person might be if they did.

    If it is *not* secure, then what is a secure way to connect to my data? If
    I put the SQL user ID and password directly in my connection strings, I'm
    obviously taking a risk, so I need a better way to do it. If I allow the
    NETWORK SERVICE account to access the data, then my problems are solved --
    but if unauthorized users could log in and query/update the database, then
    I've got the same problem all over again.


  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: SAML"