June 15, 2017 at 3:33 am
Hello,
Could anyone please give any practical scenrio which can represent the serious security breach while using built in system accounts.
Regards
VG
June 15, 2017 at 4:33 am
Vivek
The main problem is that the Local System account is an admin on the server, which means that SQL Server will, in effect, have access to the whole server. Somebody could maliciously or accidentally write code that does damages to resources outside of SQL Server, for example using xm_cmdshell. Conversely, using Local System means you don't have access to resources on different servers, for example to perform backups or restores across the network.
John
June 15, 2017 at 4:44 am
John Mitchell-245523 - Thursday, June 15, 2017 4:33 AMusing Local System means you don't have access to resources on different servers, for example to perform backups or restores across the network.
This is not quite correct, a service runn8ing under the context NT AUTHORITY\SYSTEM can authenticate to the network via the computer account
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
June 15, 2017 at 7:08 am
Thank you John and Perry
Regards
VG
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply