Re: Security bug?

From: R. van Noorloos (renennospam@syfact.com)
Date: 01/23/03 

From: "R. van Noorloos" <renennospam@syfact.com>
Date: Thu, 23 Jan 2003 16:01:53 +0100

John,

Are you sure that it is promted when installing with NT authentication.
Beacuase I have done a numerous installation. But I cannot remember ever
seen an prompt when instaling with NT authentication. I know I'm prompted
when installing with Mixed Mode

Kind regards
Rene
"John Alderson" <jalderson.spamnot@adelphia.net> wrote in message
news:u$G9BbtwCHA.2492@TK2MSFTNGP10...
> SQL Server 2000 Setup has been prompting for a password for sa since RTM,
> IIRC. This is nothing new with SP3. However, it's only a prompt and the
> ignorant administrator can still bypass it. I think it would serve
> Microsoft well to retool the prompt to be such that a password is a
> requirement to continue setup.
>
> Further, folks pleading security ignorance just doesn't fly when a 3
second
> Google search on sql security brings up www.sqlsecurity.com as the first 2
> hits and Chip Andrews Blackhat presentation as the third.
>
> John Alderson
>
>
> "R. van Noorloos" <renennospam@syfact.com> wrote in message
> news:#1UntkrwCHA.2636@TK2MSFTNGP12...
> > Kevin
> >
> > Thanks, I know there is more, but a blank password is easely overseen if
> you
> > standard install with NT security and not aware of this. And also
> > administrators could be denied access to a database/sql server,depending
> on
> > the confidentiallity of the stored information.
> >
> > But it is good to know SP3 is forcing it anyway.
> >
> > Kind regards
> >
> > René van Noorloos
> >
> > Syfact int'l
> >
> > "Kevin McDonnell [MS]" <kevmc@online.microsoft.com> wrote in message
> > news:Y5oyS$XwCHA.3048@cpmsftngxa06...
> > > Also, installing sp3 will prompt the user to change a blank 'sa'
> password.
> > > Only Administrators should be allowed to modify the servers registry
> key.
> > > There's more to securing a server than supplying a good 'sa'
password...
> > >
> > >
> > > Kevin McDonnell
> > > Microsoft SQL Server Support
> > >
> >
> >
>

Relevant Pages

  • Re: redirected to connection not secure
    ... After selecting yes the prompt keeps reappearing - loading bar at bottom does ... The Trend antivirus has no known affects on installing software ... Is the computer currently fully-patched at Windows Update? ... What anti-virus application or security suite is installed and is your ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Update installed 9 times and STILL being asked to install this
    ... I am unsure exactly what happened but the update prompt no longer occurs. ... unable to stop the update icon showing an update is required and having ... to keep installing this. ... How to troubleshoot Windows Update or Microsoft Update when you are ...
    (microsoft.public.windowsupdate)
  • Re: On Windows XP Pro SP 2 My Motherboard have cancelled the integrated Sound system
    ... As I was installing them, in the middle of the process of the install, I get prompted that there are no Audio devices detected, and the installation quits. ... The system cannot recognize the sound system. ... I still do not see any prompt that suggests ...
    (microsoft.public.windowsxp.general)
  • Re: Use Office v. X on new MacBook Pro?
    ... John's point is that when you do the install you will be installing whatever ... Applications folder to the Trash & empty the Trash. ... most likely be a similar prompt to update OS X as well when you first start ... John confused me a bit by suggesting ...
    (microsoft.public.mac.office)
  • Re: Installed KB936181...or not?
    ... prompt it just tells me access is denied, and when I try to download the ... Click Apply, Close, and then restart the system when prompted to. ... After installing KB936181 and rebooting, ... REcheck the boxes next to the HP items that you had previously UNchecked. ...
    (microsoft.public.windowsupdate)