RE: Auditing in SQLServer

From: Lan Lewis-Bevan [MS] (lanlb@online.microsoft.com)
Date: 04/22/03

• Next message: news@news.com: "Re: SQL Server sa password"
• Previous message: SK Dutta: "Facing problems after installing the SP3.."
• In reply to: Kanthi: "Auditing in SQLServer"
• Next in thread: SriSamp: "Re: Auditing in SQLServer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: lanlb@online.microsoft.com (Lan Lewis-Bevan [MS])
Date: Tue, 22 Apr 2003 15:59:51 GMT

If you changed the SQL auditing level by

Enterprise Manager -> Server name -> Properties ->
Security -> Audit level -> Failure

All you did was calling the extended store procedure to change a registry
value to 2:

xp_instance_regwrite N'HKEY_LOCAL_MACHINE',
N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer',N'AuditLevel', REG_DWORD, 2

Other values:

0 --- None
1 --- Success
2 --- Failure
3 --- All

This should not affect your file sharing option. Besides, this change will
not take place until you restart your SQL server service. Did you find the
sharing option changes before or after you restarted your SQL service?

Regards,

Lan Lewis-Bevan
SQL Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.

Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.

• Next message: news@news.com: "Re: SQL Server sa password"
• Previous message: SK Dutta: "Facing problems after installing the SP3.."
• In reply to: Kanthi: "Auditing in SQLServer"
• Next in thread: SriSamp: "Re: Auditing in SQLServer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: SQL Slammer doing the rounds again? ... SQL Slammer doing the rounds again? ... "I used to hate writing assignments, ... > Security Business Unit ... > at the largest, most highly-anticipated industry ... (Incidents) Re: sql injection query ... escapes the values so this alone greatly enhances security. ... there was a post here a while ago about Validating SQL ... these regex's were very good] so he had no worries about Injection. ... wanted to know if I call a storedprocedure like this I would be similarly ... (microsoft.public.dotnet.framework.adonet) [NEWS] IBM Informix Web DataBlade Vulnerable to Auto-decoding of HTML Entities ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... HTML encoded strings are automatically being decoded when used in SQL ... When a string has been ... $'ed it should thus be safe to use it in an SQL query, ... (Securiteam) Re: Microsoft Informational Alert ... > PSS Security Response Team Alert - SQL Security Recommendations ... > PRODUCTS AFFECTED: SQL Server ... Secure your SA login account with a non-NULL password. ... (microsoft.public.security) Re: sql injection - missed it at bh/defcon + follow on query. ... sql injection - missed it at bh/defcon + follow on query. ... >I got thro' a login by putting ... >This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint