Re: Default Hidden login/password?
From: John (jonashbaugh@hotmail.com)
Date: 12/20/02
- Next message: booray: "SSL over the internet"
- Previous message: John: "Re: Default Hidden login/password?"
- In reply to: Jasper Smith: "Re: Default Hidden login/password?"
- Next in thread: Hal Berenson: "Re: Default Hidden login/password?"
- Reply: Hal Berenson: "Re: Default Hidden login/password?"
- Reply: Jasper Smith: "Re: Default Hidden login/password?"
From: "John" <jonashbaugh@hotmail.com> Date: Fri, 20 Dec 2002 12:52:25 -0800
Jasper,
We currently have a beta tester that is using our application / SQL
Server solution. I was using the sa login to log in to the server from our
office. Since you're saying that this is bad...any other solutions to my
dilemma? I have the ability to pcAnywhere into the server as well. We are
also setting up replication between the server here and at the client's. What
other security issues should I be aware of? Should I deny access to sa? Any
additional input would be most appreciated.
John
"Jasper Smith" <jasper_smith9@hotmail.com> wrote in message
news:#f8AafFqCHA.2796@TK2MSFTNGP10...
> If you are not using IPSEC or SSL anyone with the
> ability to search google can easily find out how to grab
> the password off the wire. The "encryption" for SQL
> passwords during a connect is tantamount to plain text,
> it's that easy to decipher. The benefit of using NT logins
> is that no password is transmitted to the server. It also
> allows better auditing of changes to the server if you have
> multiple administrators. It's easy enough to set up a local
> group on the server (e.g. SERVER\SQLDBA) and add
> your admins to that NT group and then grant access to
> SQL for that group and add it to the sysadmin role. If it's
> just you then just add a login for your NT account.
> Whilst you may well have firewalls in place, internal hacking
> is a growing threat and since it is so straightforward to hack
> SQL login passwords, it makes sense not to use them,
> especially for high risk accounts like sa.
>
> --
> HTH
>
> Jasper Smith (SQL Server MVP)
>
> I support PASS - the definitive, global
> community for SQL Server professionals -
> http://www.sqlpass.org
>
> "John" <jonashbaugh@hotmail.com> wrote in message
> news:#R0IFIFqCHA.2252@TK2MSFTNGP12...
> > I have set up deny for BUILTIN\Administrators. I login using the sa account.
> > Bad idea? Why? Thanks in advance. Our sa password is over 12 characters
> > long.
> >
> > "Jasper Smith" <jasper_smith9@hotmail.com> wrote in message
> > news:OTlgDkEqCHA.2764@TK2MSFTNGP09...
> > > No, not hidden but there are 2 default logins
> > >
> > > 1) sa - built in sysadmin SQL login - make sure it has
> > > a very strong password and don't use it ever.
> > > 2) BUILTIN\Administrators - NT group that maps to
> > > the local administrators group on the server. Sysadmin
> > > rights by default.
> > >
> > > --
> > > HTH
> > >
> > > Jasper Smith (SQL Server MVP)
> > >
> > > I support PASS - the definitive, global
> > > community for SQL Server professionals -
> > > http://www.sqlpass.org
> > >
> > > "John" <jonashbaugh@hotmail.com> wrote in message
> > > news:OSCIqFEqCHA.1776@TK2MSFTNGP09...
> > > > Is there a default hidden login and password like there is in Oracle? I
> > > > want to make sure that the server is secure. Thanks.
>
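The setup described in the quoted reply (an NT group granted access and added to the sysadmin role), followed by checks on the result, as an added example that is not part of the original posts. It assumes SQL Server 2000-era system procedures, that the local Windows group SERVER\SQLDBA already exists and contains the administrators' NT accounts, and that the script is run by an existing sysadmin; the password value is a placeholder.

```sql
-- Added example, not code from the thread.
-- Assumption: SERVER\SQLDBA (the group name used in the quoted reply) already
-- exists as a local Windows group and holds the DBAs' NT accounts.

-- 1. Give the NT group a login and sysadmin rights, so administrators
--    connect with Windows authentication and send no SQL password.
EXEC sp_grantlogin 'SERVER\SQLDBA'
EXEC sp_addsrvrolemember 'SERVER\SQLDBA', 'sysadmin'

-- 2. Confirm who holds sysadmin before you stop using sa.
EXEC sp_helpsrvrolemember 'sysadmin'

-- 3. Review every sysadmin login: NT group vs. SQL login, and whether
--    access is granted or denied.
SELECT loginname, isntname, isntgroup, hasaccess, denylogin
FROM master..syslogins
WHERE sysadmin = 1
ORDER BY loginname

-- 4. BUILTIN\Administrators: a deny takes precedence over a grant obtained
--    through another group, so an NT account that is in both SQLDBA and the
--    local Administrators group is blocked by the deny. Removing the group's
--    login instead avoids that overlap.
EXEC sp_revokelogin 'BUILTIN\Administrators'

-- 5. Keep sa on a long random password that is stored, not typed day to day.
--    '<NEW-STRONG-PASSWORD>' is a placeholder.
EXEC sp_password NULL, '<NEW-STRONG-PASSWORD>', 'sa'

-- 6. Report the server's authentication mode (Windows only vs. mixed).
EXEC master..xp_loginconfig 'login mode'
```

Run step 1 and test a Windows-authenticated connection as a member of SERVER\SQLDBA before running steps 4 and 5, so a working sysadmin path always exists.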