NT AUTHORITY\NETWORK SERVICE -- Dangerous?
From: Mek (Mek_at_discussions.microsoft.com)
Date: Mon, 30 May 2005 08:50:04 -0700
I am not entirely sure how this Windows user ID is used, but I have a
security question about it. If I give the NETWORK SERVICE account read/write
permissions on my SQL Server (so that I can use Windows authentication for my
web app), do I incur a security risk? In other words, is it possible to log
in using the NETWORK SERVICE account from outside my firewall, or is that
account only available to code running on the server? Or do some other
criteria govern this login? Basically, I want to know if anyone else can log
in with that ID, and who that person might be if they did.
If it is *not* secure, then what is a secure way to connect to my data? If
I put the SQL user ID and password directly in my connection strings, I'm
obviously taking a risk, so I need a better way to do it. If I allow the
NETWORK SERVICE account to access the data, then my problems are solved --
but if unauthorized users could log in and query/update the database, then
I've got the same problem all over again.