Re: SQL authenticated push subscriber's password appears in profiler

From: Narayana Vyas Kondreddi (answer_me@hotmail.com)
Date: 03/29/03

• Next message: Mary Chipman: "Re: Role activation"
• Previous message: Dejan Sarka: "Re: Change password....."
• In reply to: Narayana Vyas Kondreddi: "Re: SQL authenticated push subscriber's password appears in profiler"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Narayana Vyas Kondreddi" <answer_me@hotmail.com>
Date: Sat, 29 Mar 2003 09:45:21 -0000

Turned out to be a known issue, and will not be fixed for SQL Server 2000,
as running Profiler requires sysadmin, thus the exposure is limited.

--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
What hardware is your SQL Server running on?
http://vyaskn.tripod.com/poll.htm
"Narayana Vyas Kondreddi" <answer_me@hotmail.com> wrote in message
news:uXqqFLX9CHA.1732@TK2MSFTNGP12.phx.gbl...
I haven't verified it myself but notified MS. Will update this thread when I
have more information.
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
What hardware is your SQL Server running on?
http://vyaskn.tripod.com/poll.htm
"Nayan Raval" <nr@anon.com> wrote in message
news:03aa01c2f516$52bbf310$a601280a@phx.gbl...
Set up:
SQL Server 2000 SP3. Transactional replication with
separate publication and distribution servers. Set up a
push subscriber specifying sql authenticated login and
password.
Security problem:
Run profiler. On publication server visit
Tools...Replication...Configure Publishing, Subscribers
and Distribution. Select the Subscribers tab and change
the sql authenticated login's password.
You'll see sp_MSupdate_subscriber_info appearing in
Profiler with the password in clear text.
If the publication server and distribution server are on
the same sql server then instead of
sp_MSupdate_subscriber_info you see sp_changesubscriber in
profiler. The latter doesn't show parameters.
Please could MS fix this for separate publisher and
distributor.
Thanks,
--
Nayan Raval

• Next message: Mary Chipman: "Re: Role activation"
• Previous message: Dejan Sarka: "Re: Change password....."
• In reply to: Narayana Vyas Kondreddi: "Re: SQL authenticated push subscriber's password appears in profiler"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Problem altering table and adding a default ... SQL Server does not allow that - you can only add nullable ... > After you add a new column in Enterprise Manager, uncheck Allow Nulls, ... the ALTER TABLE statement above will pass to the SQL Server ... > 4) Start Profiler and perform a new trace. ... (microsoft.public.sqlserver.server) Re: Running profiler on busy 8-cpu Sql Server ... with SQL Server. ... Not only does the Profiler GUI's screen need to ... Server & places it on queues that the Profiler GUI picks up. ... / data columns & filters you define in a profiler trace, ... (microsoft.public.sqlserver.server) Re: Problem altering table and adding a default ... ALTER TABLE dbo.Test_tbl ADD Notnull_col1 charNOT NULL ... SQL Server does not allow that - you can only add nullable columns. ... After you add a new column in Enterprise Manager, uncheck Allow Nulls, bind the uder- ... Start Profiler and perform a new trace. ... (microsoft.public.sqlserver.server) Re: stress by profiler ? ... Are you running the Profiler on the same machine as SQL Server? ... The response time of DB access is also good. ... -- very low Disk Read ... (microsoft.public.sqlserver.server) Re: Should I Index? ... Wayne Snyder, MCDBA, SQL Server MVP ... > A good place to start is the index tuning wizard. ... Use profiler to do this. ... some suitable indexes based on the workload. ... (microsoft.public.sqlserver.server)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint