Re: SQL Server 2005 - getting Bruteforced
- From: "David Browne" <davidbaxterbrowne no potted meat@xxxxxxxxxxx>
- Date: Thu, 6 Apr 2006 10:12:33 -0500
"Andreas Kraus" <ak@xxxxxxxxxxxxxxxx> wrote in message
news:%23jVhnJWWGHA.4484@xxxxxxxxxxxxxxxxxxxxxxx
Hi and thanks for your reply.
The SQL Server is running on an Internet Server with ASP.NET v2 remotely.
We are testing several Web Applications there with a Remote Team.
The ASP.NET Applications are using SQL Authentication instead of Windows
Authentication. I wouldn't know how to create a Connection String based on
Windows Authentication..
The SA Password is pretty strong but those attacks are really annoying.
Is it possible to restrict the SA Account to local connections only?
Here's an example ADO.NET connection string using integrated security.
Data Source=Your_Server_Name;Initial Catalog=Your_Database_Name;Integrated
Security=SSPI;
Once you get that, turn of mixed authentication, or at least disable the SA
login.
Also in Windows you can block access to IP interface from selected
computers, or from all but selected computers. Also you can move SQL Server
off of port 1433, and change your connection strings accordingly.
David
.
- Follow-Ups:
- Re: SQL Server 2005 - getting Bruteforced
- From: Andreas Kraus
- Re: SQL Server 2005 - getting Bruteforced
- References:
- SQL Server 2005 - getting Bruteforced
- From: Andreas Kraus
- Re: SQL Server 2005 - getting Bruteforced
- From: Uri Dimant
- Re: SQL Server 2005 - getting Bruteforced
- From: Andreas Kraus
- SQL Server 2005 - getting Bruteforced
- Prev by Date: Re: SQL Server 2005 - getting Bruteforced
- Next by Date: Re: asymmetric encryption
- Previous by thread: Re: SQL Server 2005 - getting Bruteforced
- Next by thread: Re: SQL Server 2005 - getting Bruteforced
- Index(es):
Relevant Pages
|
