Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Change the port number for connections to SQL Server Expand / Collapse
Author
Message
Posted Wednesday, February 29, 2012 10:07 PM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Yesterday @ 7:05 PM
Points: 1,317, Visits: 2,807
Comments posted to this topic are about the item Change the port number for connections to SQL Server

----------------------------------------------------------------------------
Sacramento SQL Server users group - http://sac.sqlpass.org
Follow me on Twitter - @SQLDCH
----------------------------------------------------------------------------

Yeah, well...The Dude abides.
Post #1259913
Posted Thursday, March 1, 2012 12:11 AM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Tuesday, August 26, 2014 11:49 PM
Points: 833, Visits: 1,365
Hi, just a little feedback. Under conclusion, you write:
If the SQL Server Browser service is not running, connection strings will have to specify the port number in order to connect.

As I understand it, this is partially correct. You do not have to specify port number if the server is listening on port 1433, as it does on default instances by default. Apart from this, it is correct, whether you have specified port numbers manually or not.




Ole Kristian Velstadbråten Bangås - Virinco - Facebook - Twitter

Concatenating Row Values in Transact-SQL
Post #1259928
Posted Thursday, March 1, 2012 1:23 AM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Thursday, March 27, 2014 8:16 AM
Points: 534, Visits: 282
Very well explained but missing one useful point:

"Why would you want to change the port number in the first place?"


Kelsey Thornton
MBCS CITP
Post #1259945
Posted Thursday, March 1, 2012 2:02 AM


Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Tuesday, September 9, 2014 7:53 AM
Points: 728, Visits: 775
One reason to change the port number is if your named instance needs to use kerberos delegation there's many others when you'd need to do it. My personal preference is to set all named instances using static ports I also tend to use port numbers starting from 14330 upwards for all other instances on the server...
Post #1259957
Posted Thursday, March 1, 2012 2:02 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 12:58 AM
Points: 5,369, Visits: 9,891
Kelsey Thornton (3/1/2012)
Very well explained but missing one useful point:

"Why would you want to change the port number in the first place?"


(1) Security, to prevent attacks on the default port. Read about the SQL Slammer virus that hit nine years ago.

(2) You may have more than one instance on the same computer. They can't all listen on the same port.

John
Post #1259958
Posted Thursday, March 1, 2012 2:22 AM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Thursday, March 27, 2014 8:16 AM
Points: 534, Visits: 282
I don't dispute there are many reasons why this might be desirable, or even required.

My point was simply that a little background information into why the port number was being changed might not be out of place in the article.

It's a bit like giving driving directions to #1544 Tree Road, Smalltown, WI and not saying "come to my party at 8 o'clock tonight"


Kelsey Thornton
MBCS CITP
Post #1259965
Posted Thursday, March 1, 2012 2:27 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 12:58 AM
Points: 5,369, Visits: 9,891
Kelsey Thornton (3/1/2012)
I don't dispute there are many reasons why this might be desirable, or even required.

My point was simply that a little background information into why the port number was being changed might not be out of place in the article.

It's a bit like giving driving directions to #1544 Tree Road, Smalltown, WI and not saying "come to my party at 8 o'clock tonight"

I see what you're getting at now, Kelsey. Anyway, see you at the party tonight! Is WI Wisconsin?

John
Post #1259968
Posted Thursday, March 1, 2012 2:35 AM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Thursday, March 27, 2014 8:16 AM
Points: 534, Visits: 282
John Mitchell-245523 (3/1/2012)
I see what you're getting at now, Kelsey. Anyway, see you at the party tonight! Is WI Wisconsin?

John


Probably - I just used two letters I thought were probably a US state (so the US readers would feel at home)



Kelsey Thornton
MBCS CITP
Post #1259973
Posted Thursday, March 1, 2012 7:05 AM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Tuesday, August 26, 2014 11:49 PM
Points: 833, Visits: 1,365
John Mitchell-245523 (3/1/2012)
Security, to prevent attacks on the default port. Read about the SQL Slammer virus that hit nine years ago.

I tend to disagree. Yes slammer hit 1433, but in my humble opinion you do not change port numbers due to security issues. If you do read about slammer, the patch for the slammer security issue was released more than six months earlier. Slammer did much damage to to unpatched systems, not due to default port numbers.

There are still valid reasons for specifying port numbers. The two most common cases I've seen is routing access through a firewall (were all ports are closed by default), and access to named instances from clients who don't understand instances (by using IP and port number).




Ole Kristian Velstadbråten Bangås - Virinco - Facebook - Twitter

Concatenating Row Values in Transact-SQL
Post #1260104
Posted Thursday, March 1, 2012 7:16 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 12:58 AM
Points: 5,369, Visits: 9,891
okbangas (3/1/2012)
I tend to disagree. Yes slammer hit 1433, but in my humble opinion you do not change port numbers due to security issues. If you do read about slammer, the patch for the slammer security issue was released more than six months earlier. Slammer did much damage to to unpatched systems, not due to default port numbers.

There are still valid reasons for specifying port numbers. The two most common cases I've seen is routing access through a firewall (were all ports are closed by default), and access to named instances from clients who don't understand instances (by using IP and port number).

It's true that there was already a patch for Slammer, but some people prefer to add that extra layer of security as well. What would have happened if another worm that there was no patch for had come along exploiting 1433? I know that not everybody believes in security by obscurity (changing names and numbers away from default or descriptive values in order to mask their purpose), but it's a genuine school of thought.

I happen to think that changing ports for security reasons is a good idea, but of course I understand that not everybody has the same point of view. I only pointed out that this is a reason why one might wish to change the port.

Thanks for also pointing out those other reasons.

John
Post #1260114
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse