Re: Denying Remote SQL Server Access

From: Mark Allison (mark@allisonyourpantsmitchell.c0m)
Date: 02/25/03


From: "Mark Allison" <mark@allisonyourpantsmitchell.c0m>
Date: Tue, 25 Feb 2003 14:38:01 -0000


Why can't you change the sa password? NOBODY should use this account for
ANYTHING! Not even your DBAs. The only way you can restrict access to the
machine is to put it behind a firewall.

I don't understand why the SQL Server needs to be on the internet anyway.
Most SQL Servers should have an application or web server between them and the
internet, via a couple of firewalls, properly configured. The SQL Server
should also be in a DMZ (preferably its own one) and not in the LAN.

I would recommend you shut down the server and don't bring it back up until
it's behind a firewall. This very message is an invitation for hackers to
come and hack you.

--
Mark Allison, SQL Server MVP
http://www.allisonmitchell.com
Remove 'yourpants' to reply
"Sundar" <sun@monasys.com> wrote in message
news:036001c2dcb5$ddf557b0$3301280a@phx.gbl...
: Hi,
:
:    I have a SQL Server 2000 running on a public IP.
: There are a lot of applications developed with the above
: said SQL Server as my database with the default user
: name "sa" and blank password. Now I cannot change the
: password for the user. Everybody in the world will
: know this user name and password. So if they come to
: know my SQL Server's IP they can do anything they want.
: Now my requirement is to restrict access to the SQL Server
: from any machine apart from the SQL Server local machine
: without changing the user name and password.
:
: Does anybody have an answer for the above query?
:
: Thanks in advance.
:
: Regards
:
: Sundar
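
An added example, not part of the original thread: a small Python model of the firewall placement recommended in the reply, comparing a rule set that leaves the SQL Server port open to any source with one that admits only the application server. The addresses, the rule format and the names decide and audit are assumptions made for illustration; 1433 is the default TCP port of a SQL Server default instance.

```python
import ipaddress

MSSQL_PORT = 1433  # default TCP port of a SQL Server default instance
DB_HOST = "10.10.20.5"            # constructed: SQL Server in its own DMZ
APP_SERVERS = ["10.10.10.10/32"]  # constructed: the only approved client

# Constructed rule sets: (action, source network, destination host, port or None for any).
EXPOSED = [("allow", "0.0.0.0/0", DB_HOST, MSSQL_PORT)]
LOCKED_DOWN = [
    ("allow", "10.10.10.10/32", DB_HOST, MSSQL_PORT),  # app server -> SQL Server
    ("deny", "0.0.0.0/0", DB_HOST, None),              # everything else to the DB host
]

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    src_ip = ipaddress.ip_address(src)
    for action, src_net, rule_dst, rule_port in rules:
        if (src_ip in ipaddress.ip_network(src_net)
                and rule_dst == dst
                and rule_port in (None, port)):
            return action
    return "deny"

def audit(rules, dst, port, approved):
    """Return allow rules that open dst:port to networks outside `approved`.

    Conservative: rule order is ignored, so a shadowed allow is still reported.
    """
    approved_nets = [ipaddress.ip_network(n) for n in approved]
    findings = []
    for rule in rules:
        action, src_net, rule_dst, rule_port = rule
        if action != "allow" or rule_dst != dst or rule_port not in (None, port):
            continue
        net = ipaddress.ip_network(src_net)
        if not any(net.subnet_of(a) for a in approved_nets):
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for name, rules in (("exposed", EXPOSED), ("locked down", LOCKED_DOWN)):
        print(name, "findings:", audit(rules, DB_HOST, MSSQL_PORT, APP_SERVERS))
        # Constructed probes: app server, an Internet client, a LAN workstation.
        for src in ("10.10.10.10", "203.0.113.50", "10.0.0.25"):
            print(f"  {src} -> {DB_HOST}:{MSSQL_PORT}", decide(rules, src, DB_HOST, MSSQL_PORT))
```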

