Disabling an account on unexpected SQL Statement

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2008 » Security (SS2K8) » Disabling an account on unexpected SQL...

Disabling an account on unexpected SQL Statement

Rate Topic

Display Mode

Topic Options

Author

Message

goodhereinit

Posted Monday, October 01, 2012 1:40 AM

SSC Rookie

Group: General Forum Members
Last Login: Tuesday, October 30, 2012 5:10 AM
Points: 28, Visits: 35

Hi Folks,

Wondering if anyone had any ideas on this dilema?

I want to be able to trace code through my database, looking for certain patterns of sql code.

If the code being run, does not look genuine, i want to be able to lock the account that is sending it.

I am considering looking at the dmv's and pulling out the running queries and then locking the account, and send an alert.

Are there better ways of doing this?

Thanks.

Post #1366347

K. Brian Kelley

Posted Wednesday, October 03, 2012 6:27 AM

Keeper of the Duck

Group: Moderators
Last Login: 2 days ago @ 1:55 PM
Points: 6,584, Visits: 1,789

Can you give an example of code not looking genuine? SELECT queries and execution of stored procedures would be hard to manipulate in this way as they don't fire DML triggers. You might be able to do something with extended events or via the results of traces, but if you use a trace, there's always going to be a lag.

K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog |

LinkedIn | Twitter

Post #1367615

« Prev Topic | Next Topic »

Permissions