DataBase security
From: sniper (andyrightin@yahoo.com)
Date: 02/11/03
- Next message: Bill Cheng [MSFT]: "RE: SuperSocket Error 19011"
- Previous message: Larry: "Looking for in depth information on Slammer worm"
- In reply to: Rushi: "DataBase security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "sniper" <andyrightin@yahoo.com> Date: Mon, 10 Feb 2003 22:09:25 -0800
sun patel bhai,
there are many ways to hack the SQL server and in turn
hack the NT server itself
i myself do that as a profession !
read the following points on www.sqlsecurity.com
read the sqlcheck list and disscussion forum there
quick points
1) dont use sa ..put a strong password and dont use the
account unless an emergency use an equivalent sysadmin
account
2) if possible change the default port 1433 to some other
port and only the application guys and the dba should
know this
3) connect using TCP/IP only ..if possible dont use named
service which use port 1434/UDP
4) be sure that ur network is secure, if ur server or
application is on the Internet then ther are more issues
read more about Slammer worm ..recently been released
which attacks the port 1433 and 1434,if not try a firewall
service.
5) mail me for any more points be brief and specific !!
chow
soumen
>-----Original Message-----
>hi,
>
>I had developed a software with sqlserver as a backhand.
>The problem i am facing is that i am unable to secure
>my database. I had very little idea abt database security.
>
>I wish that no one except system administrator could
access
>database either through Enterprise Manager or Query
>Analyzer.
>
>Awaiting a quick respone
>
>Thanking you
>rushi
>.
>
- Next message: Bill Cheng [MSFT]: "RE: SuperSocket Error 19011"
- Previous message: Larry: "Looking for in depth information on Slammer worm"
- In reply to: Rushi: "DataBase security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
