Any security whole accessing sql database with anonymous account
From: shyam (excelsmart1@yahoo.com)
Date: 02/04/03
- Next message: Keith W. McCammon: "Re: certificate newbie"
- Previous message: Jesus: "IIS & Certificate Server"
- Next in thread: Karl Levinson [x y] mvp: "Re: Any security whole accessing sql database with anonymous account"
- Reply: Karl Levinson [x y] mvp: "Re: Any security whole accessing sql database with anonymous account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "shyam" <excelsmart1@yahoo.com> Date: Tue, 4 Feb 2003 17:44:20 +0530
iam descriping my scenario below, please tell me what
are the exactly security holes and the problem i will face in this scenario.
if security hole is there means, what are possible ways for the hackers to
break down my sql server database. i need to develop a website. if u guide
me properly means, i will be very much thankful to u.
I will create a windows nt user account with no previliges called JOHN
(simply i will add only Users Group).
then in IIS to my website i will configuree User Name JOHN as anonymous
user.
and in MS SQL Server i will create windows NT account of JOHN and i will
give read, write persmission on NOrthwind database.
with the above scenario, iam running my website also, the end-users also
accesing website without any problems, the end-user is not entering any
WindowNT username and password (bcoz of anonymous account), they are doing
all adding, modify, delete operations on NORTHWIND database also.
now question and problem is:
what are all the security breaches for this scenario ?
how is it possible for hackers it is possible to break my sql server(hack).
my IIS Server having public ip address and database server is in private ip
address. and i created a anonymous user account in both the machines with
same password. is there any possible to access my sql server either my
domain users or public internet users. please give some detail information
about this.
with regards
MS
- Next message: Keith W. McCammon: "Re: certificate newbie"
- Previous message: Jesus: "IIS & Certificate Server"
- Next in thread: Karl Levinson [x y] mvp: "Re: Any security whole accessing sql database with anonymous account"
- Reply: Karl Levinson [x y] mvp: "Re: Any security whole accessing sql database with anonymous account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
