Re: How to prevent 'sa' from 'hacking' Windows Server ?
From: Jacco Schalkwijk (jacco.please.reply_at_to.newsgroups.mvps.org.invalid)
Date: 07/21/04
- Next message: Brian: "SQL Server & SSL & Fully Qualified Domain Name"
- Previous message: Dominic: "RE: How to prevent 'sa' from 'hacking' Windows Server ?"
- In reply to: tristant: "How to prevent 'sa' from 'hacking' Windows Server ?"
- Next in thread: Mark Allison: "Re: How to prevent 'sa' from 'hacking' Windows Server ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jul 2004 11:02:21 +0100
Yes, run SQL Server under a Windows account that isn't a member of the
Windows administrators group and doesn't have permissions to create Windows
users. sa inherits the permissions of the Windows account that SQL Server is
running under.
--
Jacco Schalkwijk
SQL Server MVP

"tristant" <krislioe@cbn.net.id> wrote in message
news:Om7pwQwbEHA.3636@TK2MSFTNGP10.phx.gbl...
> Hi All,
>
> We are running SQL Server 2000 on Windows 2000 Server.
> I just realized that with the 'sa' login from Query Analyzer on a client computer,
> it can execute sp_cmdshell and some 'Net bla bla command' to create a new
> Windows user, assign administrator to it and then become 'god' with that
> user account.
>
> Is there any way to overcome this security hole?
>
> Thanks in advance,
> Krist
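One way to check the condition described in the reply above, added here as an example that is not part of the original thread: list the Windows account each SQL Server service runs as and flag it when that account is LocalSystem or a direct member of the local Administrators group. It assumes Windows PowerShell 5.1 or later run locally on the server; membership through nested domain groups is not resolved.

```powershell
# Added example (not from the original post). Run locally on the server
# from an elevated prompt, Windows PowerShell 5.1 or later.

# Local Administrators by well-known SID, so localized group names also work.
# Only direct members are listed; nested domain groups are not expanded.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.Name.ToLowerInvariant() }

# Built-in identities that are fully privileged on the machine.
$builtinHigh = @('localsystem', 'nt authority\system')

# The default instance is MSSQLSERVER; named instances are MSSQL$<InstanceName>.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -eq 'MSSQLSERVER' -or $_.Name -like 'MSSQL$*' }

foreach ($svc in $services) {
    $account = [string]$svc.StartName

    # Normalize ".\user" to "COMPUTER\user" to match Get-LocalGroupMember output.
    $normalized = ($account -replace '^\.\\', "$env:COMPUTERNAME\").ToLowerInvariant()

    $isAdmin = ($builtinHigh -contains $normalized) -or ($admins -contains $normalized)

    # One row per SQL Server service; IsLocalAdmin = True means a shell
    # command started from SQL Server runs with administrator rights.
    [pscustomobject]@{
        Service      = $svc.Name
        RunsAs       = $account
        IsLocalAdmin = $isAdmin
    }
}
```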