SQL authenticated push subscriber's password appears in profiler
From: Nayan Raval (nr@anon.com)
Date: 03/28/03
- Next message: Neil Weicher: "Re: phisical MDF without security..."
- Previous message: Abul Ahamadali: "Error 229"
- Next in thread: Narayana Vyas Kondreddi: "Re: SQL authenticated push subscriber's password appears in profiler"
- Reply: Narayana Vyas Kondreddi: "Re: SQL authenticated push subscriber's password appears in profiler"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nayan Raval" <nr@anon.com> Date: Fri, 28 Mar 2003 02:39:34 -0800
Set up:
SQL Server 2000 SP3. Transactional replication with
separate publication and distribution servers. Set up a
push subscriber specifying sql authenticated login and
password.
Security problem:
Run profiler. On publication server visit
Tools...Replication...Configure Publishing, Subscribers
and Distribution. Select the Subscribers tab and change
the sql authenticated login's password.
You'll see sp_MSupdate_subscriber_info appearing in
Profiler with the password in clear text.
If the publication server and distribution server are on
the same sql server then instead of
sp_MSupdate_subscriber_info you see sp_changesubscriber in
profiler. The latter doesn't show parameters.
Please could MS fix this for separate publisher and
distributor.
Thanks,
-- Nayan Raval
- Next message: Neil Weicher: "Re: phisical MDF without security..."
- Previous message: Abul Ahamadali: "Error 229"
- Next in thread: Narayana Vyas Kondreddi: "Re: SQL authenticated push subscriber's password appears in profiler"
- Reply: Narayana Vyas Kondreddi: "Re: SQL authenticated push subscriber's password appears in profiler"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
