SQL connection security

  • I have two questions about SQL user connection security ...
    Is it standard (or necessary for a small company) to deploy SSL for better security when authenticating using SQL?
    If I have understood correctly, Kerberos is used only if Windows Authentication is used ...

  • Most companies use mixed mode, as performing administrative tasks really benefits from the sa SQL login, and becomes difficult if not provided.  Mixed mode provides both SQL login and Windows authentication.   Just because one is a small company doesn't mean they should skimp on security.

    Steve (aka sgmunson) 🙂 🙂 🙂
    Rent Servers for Income (picks and shovels strategy)

  • kyssling - Friday, February 24, 2017 1:16 PM

    I have two questions about SQL user connection security ...
    Is it standard (or necessary for a small company) to deploy SSL for better security when authenticating using SQL?
    If I have understood correctly, Kerberos is used only if Windows Authentication is used ...

    Correct, Kerberos is only used under the context of a Windows login.
    SQL Server authentication just requires the connection to have a valid username and password combination.

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • I must use mixed mode in my environment.  Another layer of security is to set the option in the SQL Server Configuration Manager to require encrypted connections.  It encrypts the data sent over the wire to the client.  It's surprising what's passed over the wire when this isn't set.

    On the topic of the sa login, I leave it disabled - always.  The Windows logins for the DBAs have sysadmin privs and nobody else.  I saw a demo once on just how easy it is to hack the login and it's been disabled ever since.

  • Ed Wagner - Sunday, February 26, 2017 4:32 PM

    I must use mixed mode in my environment.  Another layer of security is to set the option in the SQL Server Configuration Manager to require encrypted connections.  It encrypts the data sent over the wire to the client.  It's surprising what's passed over the wire when this isn't set.

    On the topic of the sa login, I leave it disabled - always.  The Windows logins for the DBAs have sysadmin privs and nobody else.  I saw a demo once on just how easy it is to hack the login and it's been disabled ever since.

    With admin access to the Windows server it's extremely easy to re-enable the sa login and use it too.

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉
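A T-SQL check of the points raised in this thread: which authentication mode is in force, whether the sa login is disabled, who holds sysadmin, and whether live connections are actually encrypted and using Kerberos rather than SQL or NTLM authentication. This is an added example, not code from any of the posters; it assumes SQL Server 2012 or later and VIEW SERVER STATE permission on the instance.

```sql
-- Added example (not from any poster): audit the settings discussed in this thread.
-- Assumes SQL Server 2012+ and VIEW SERVER STATE on the instance.

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = mixed mode.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows Authentication only'
           ELSE 'Mixed mode (SQL logins + Windows logins)'
       END AS authentication_mode;

-- 2. The sa login: expect is_disabled = 1 (the login keeps principal_id 1 even if renamed).
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE principal_id = 1;

-- 3. sysadmin membership: expect only the DBAs' Windows logins or groups, no SQL logins.
SELECT sp.name, sp.type_desc, sp.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS sp ON sp.principal_id = rm.member_principal_id
JOIN sys.server_principals   AS r  ON r.principal_id  = rm.role_principal_id
WHERE r.name = 'sysadmin'
ORDER BY sp.type_desc, sp.name;

-- 4. Live connections. "Force Encryption" is set in Configuration Manager and is not
--    exposed in sys.configurations, so the reliable check is encrypt_option on real
--    sessions. auth_scheme is SQL for SQL logins and NTLM or KERBEROS for Windows logins;
--    KERBEROS only ever appears for Windows logins, as the thread notes.
SELECT s.login_name,
       c.auth_scheme,          -- SQL | NTLM | KERBEROS
       c.encrypt_option,       -- TRUE means the TDS stream is encrypted
       c.net_transport,
       c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.net_transport <> 'Shared memory'   -- local shared-memory sessions never leave the box
ORDER BY c.encrypt_option, c.auth_scheme, s.login_name;
```

Any row in query 4 with encrypt_option = FALSE means that client's logins and result sets cross the network in clear text, which is exactly what the poster above observed before enabling the option.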

