Re: Secure a SQL-Server 2000 database.

From: Mary Chipman (mchip@nomail.please)
Date: 01/21/03

• Next message: Raj Bhaskar: "Re: Allowing only certain clients access to SQL Server 2K"
• Previous message: Kresimir Radosevic: "Re: Allowing only certain clients access to SQL Server 2K"
• In reply to: Ingar Eide: "Re: Secure a SQL-Server 2000 database."
• Next in thread: Orko On: "Re: Secure a SQL-Server 2000 database."
• Reply: Orko On: "Re: Secure a SQL-Server 2000 database."
• Reply: Ingar Eide: "Re: Secure a SQL-Server 2000 database."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Mary Chipman <mchip@nomail.please>
Date: Tue, 21 Jan 2003 11:11:45 -0500

>I find it strange that Microsoft don't have any solution for this.
>Even SQL-Anywhere from Sybase or Pervasive.SQL have better security
>than this.

Not really. If someone is an administrator, then they can do anything.
The assumption is that the administrator is trusted, and if you can't
trust an administrator, then you're doomed. Are you saying you can
protect a database on SQL Anywhere or Sybase from a system
administrator? I don't think so.

This is a difficult problem that has more to do social engineering and
less to do with technical solutions. Basically, there is no technology
that exists that can provide perfect security that meets every need,
and there never will be. Fact of life--get over it. "Better security"
is a purely subjective term, and utterly meaningless since the needs
of different applications vary so widely.

-- Mary
MCW Technologies
http://www.mcwtech.com

---

• Next message: Raj Bhaskar: "Re: Allowing only certain clients access to SQL Server 2K"
• Previous message: Kresimir Radosevic: "Re: Allowing only certain clients access to SQL Server 2K"
• In reply to: Ingar Eide: "Re: Secure a SQL-Server 2000 database."
• Next in thread: Orko On: "Re: Secure a SQL-Server 2000 database."
• Reply: Orko On: "Re: Secure a SQL-Server 2000 database."
• Reply: Ingar Eide: "Re: Secure a SQL-Server 2000 database."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [NT] Hacking Sybase/MS-SQL for the NT Administrator ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... without having the SA password (note that we do have administrator access ... The following is an explanation on how to get into a Sybase database on ... Sybase permits three modes of authentication: ... (Securiteam) Re: Secure a SQL-Server 2000 database. ... > Even SQL-Anywhere from Sybase or Pervasive.SQL have better security ... and set SQL Server to run under that account. ... (microsoft.public.sqlserver.security) [NT] User Downgraded from Administrator to User Retains the Ability to List Other Users Running Task ... Beyond Security would like to welcome Tiscali World Online ... Windows XP presents a new option called "Fast User Switching" (FUS). ... Eitan has found that if a user is downgraded from an administrator role to ... as shown in task manager)) via tempting the local ... (Securiteam) Re: Is complete home security possible? ... > If you are a gamer, some computer games will only run in administrator ... I have a clean disk image made from Norton Ghost, ... security issues to deal with to do it monthly, ... I have been using computers since 76, never had a virus on any of my ... (comp.security.firewalls) Re: FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER ... After installing a parallel copy of WIN2K SERVER, ... Administrator access in Directory Services Restore Safe Mode. ... This reset the local policy back to ... manual security reset. ... (microsoft.public.win2000.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2003-01