Re: Registry
From: CurtM (cndmoyer_at_hotmail.com)
Date: 05/14/03
- Next message: DeeJay Puar: "Permissions"
- Previous message: Francis: "ODBC full access"
- In reply to: Jasper Smith: "Re: Registry"
- Next in thread: Jasper Smith: "Re: Registry"
- Reply: Jasper Smith: "Re: Registry"
Date: Wed, 14 May 2003 13:46:36 -0700
Sorry to be unclear. What I've noticed of course is that
since I'm local admin on the production servers, I can
open query analyzer using just my Windows login even
though I'm not mapped into the logins on the sql server.
I get in simply because I'm local admin.
So I've been assuming that someone who's a "network admin"
(or more importantly a hacker who has obtained a high-
level password somehow) can also pop right into sql server
as well. This is what I want to prevent. The first
thing a hacker/cracker type will go for is a high-level
password and, gasp, if this should ever happen I don't
want them to be able to just jump right into our sql
servers which is where our most sensitive data is.
You said that I could just exclude them? How? By limiting
the domain admin sql server login? Hope that makes sense.
What about the builtin\administrators login?
>-----Original Message-----
>Don't grant them access. There's no need for them to
>be able to access SQL. I'm not sure what you're asking ?
>
>--
>HTH
>
>Jasper Smith (SQL Server MVP)
>
>I support PASS - the definitive, global
>community for SQL Server professionals -
>http://www.sqlpass.org
>
>"CurtM" <cndmoyer@hotmail.com> wrote in message
>news:025201c31a39$14898240$a101280a@phx.gbl...
>> I'm confused as to what Windows Only mode will buy you
>> assuming that you don't use Mixed Mode logins for your
>> day-to-day activities on the server (so that no passwords
>> are floating around the network). Also, I guess what I'm
>> asking is: how can I keep someone out of sql server if
>> they're a local admin or network admin?
>>
>> >-----Original Message-----
>> >He must have permissions on the registry as well. Have a
>> >complicated password, switch to Windows Only mode, and take
>> >care about permissions on the OS level as well.
>> >
>> >--
>> >Dejan Sarka, SQL Server MVP
>> >FAQ from Neil & others at: http://www.sqlserverfaq.com
>> >Please reply only to the newsgroups.
>> >PASS - the definitive, global community
>> >for SQL Server professionals - http://www.sqlpass.org
>> >
>> >"CurtM" <cndmoyer@hotmail.com> wrote in message
>> >news:092e01c31976$556a48d0$a001280a@phx.gbl...
>> >> Isn't this true? If a hacker gains access to the
>> >> administrative password, you're hosed. They can switch
>> >> the registry key to mixed mode and jump right in to sql
>> >> server? Is there any way to protect yourself against
>> >> this?
>> >
>> >
>> >.
>> >
>
>
>.
>