Home Forums Article Discussions Article Discussions by Author Discuss content posted by Derek Colley Three Attack Vectors in SQL Server 2005 RE: Three Attack Vectors in SQL Server 2005

  • March 7, 2012 at 6:53 am

    #1455960

    @richb-2 - fair point, but there's a clear difference between a locksmith and a burglar - I definitely wear a white, not black, hat.

    @jeff Moden - Following on from above - it does prove that 2005 is hackable and I believe 2008/R2/2012 is immune from at least one of these approaches since BUILTIN\Administrators is not included as a default login at installation time. I had to implement these approaches when my employer took on a contract where the previous IT incumbent had left abruptly, not bothering to leave behind password lists, and the client didn't have these. In this case there was a legitimate reason for forced entry.

    ---

    Note to developers:
    CAST(SUBSTRING(CAST(FLOOR(NULLIF(ISNULL(COALESCE(1,NULL),NULL),NULL)) AS CHAR(1)),1,1) AS INT) == 1
    So why complicate your code AND MAKE MY JOB HARDER??!:crazy:

    Want to get the best help? Click here https://www.sqlservercentral.com/articles/forum-etiquette-how-to-post-datacode-on-a-forum-to-get-the-best-help (Jeff Moden)
    My blog: http://uksqldba.blogspot.com
    Visit http://www.DerekColley.co.uk to find out more about me.