Viewing 15 posts - 3,871 through 3,885 (of 6,105 total)
It also needs to be pointed out the compiled code makes it harder for an attacker to investigate the data access. An attacker would have to grab the DLL and...
December 5, 2003 at 8:29 am
Okay, let's take this step-by-step...
Removing the BUILTIN\Administrators, while a good idea, doesn't help your SQL Server security with respect to the web. The reason being a connection from your web...
December 4, 2003 at 1:58 pm
This is something we noticed empirically, I don't have docs saying this is actually the case. Take it with a grain of salt. Jobs run through SQL Agent seem to...
December 4, 2003 at 7:04 am
Here is the readout of a SQL Server:
Microsoft SQL Server 2000 - 8.00.818 (Intel X86)
Dec 17 2002 14:22:05
Copyright (c)...
December 4, 2003 at 6:57 am
Both of those IDs are raised using RAISERROR() in the appropriate stored procedures. EM uses sp_addlogin and sp_droplogin, at least according to a Profiler trace I just ran. You didn't,...
December 3, 2003 at 3:19 pm
Based on the sp_addrolemember stored procedure, only members of the db_owner role can add a user/role to a fixed db role. Here is the relevant code:
...
December 3, 2003 at 2:18 pm
The latest version will have (Updated - SP3) in the title bar. Not sure about the 8.00.002 since all of my versions are updated.
K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish...
December 1, 2003 at 8:51 am
No, SQL Server 2000 Standard requires a Server version of the operating system. Personal Edition or Developer Edition (only available through MSDN) can be installed on Windows 2000 Professional.
K. Brian...
November 29, 2003 at 3:43 pm
You can always write to a temporary file (xp_cmdshell using echo >>), then use xp_cmdshell to call isql or osql and login/execute the create proc statement.
K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start...
November 28, 2003 at 12:17 pm
If you want to dup what permissions you already have, you'd put the account in the local Administrators group for the system. Make the account change through EM because it...
November 27, 2003 at 7:27 am
If the service is set to start under the LocalSystem account, debugging won't work. Either a domain or local account will need to be created and SQL Server configured to...
November 27, 2003 at 6:41 am
Default would be to run under LocalSystem, and debugging requires an actual login, whether local or domain. If you have access to the server, check the account the MSSQLServer service...
November 27, 2003 at 6:09 am
Are those servers running with the service under LocalSystem or are they using a local/domain account?
K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
November 27, 2003 at 6:01 am
You can query against syscomments to find matches (search against text and pull the id), but then you're still going to have to do something like a cursor with sp_helptext...
November 27, 2003 at 5:57 am
Is this consistent for a particular server or intermittent?
K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
November 27, 2003 at 5:55 am
Viewing 15 posts - 3,871 through 3,885 (of 6,105 total)