Home Forums SQL Server 7,2000 Security Can a malware on desktop affect the security of MSSQL? RE: Can a malware on desktop affect the security of MSSQL?

  • January 4, 2013 at 11:56 am

    #1573899

    MSSQL_NOOB (1/4/2013)

    Is this security or stupidity?

    a little of both, i think.

    From a SQL server standpoint,

    SQL server passwords are inherently less secure than Windows authentication; you can use a brute force/dictionary attach to attempt to get SQL server access. Windows Authentication means you've logged in securely on the domain, so you are able to pass a trusted token around instead of exposing your password.

    SQL authentication is disabled, by default, on a new SQL installation for that specific security reason.

    covering the security hole by switching to SQL users/passwords potentially opens a different, larger hole.

    a virus scanner pretty much puts the issue to bed as far as malware, and that's the solution we prefer at my shop. (we use ESET NOD32 Antivirus)

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!