Viewing 15 posts - 3,901 through 3,915 (of 6,105 total)
What you are seeing isn't unusual. While SQL Server 7.0 and 2000 were built with certain concepts of security in mind, they didn't spend as much time on "information disclosure"...
November 13, 2003 at 11:26 am
Just as a footnote... Even if a server is set for Windows Authentication, you can set the sa password. Always a good idea. Changing SQL Server from Windows auth to...
November 13, 2003 at 9:24 am
That's correct, it forces the sa password to be set if it was blank, but it did not check its strength.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server...
November 13, 2003 at 7:29 am
If you have other logins with sysadmin rights, you don't have a need for anyone to log on with the sa account. In fact, you don't want anyone to do so...
November 13, 2003 at 7:21 am
You may not need to remember it, but you surely want to audit its change.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
November 12, 2003 at 11:01 am
No, not unless the user is the table owner. Is the DELETE operation too intensive?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
November 11, 2003 at 12:56 pm
To the OS, no. Does it require sysadmin rights within SQL Server? Yes.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql/in_overview_6k1f.asp
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
November 3, 2003 at 6:32 am
SQLBill makes a good point even if the attacks have "stopped." We do penetration testing on our internal systems but we tend to alert ahead of time. I'm sure we'll...
October 31, 2003 at 12:16 pm
A good starting book is SQL Server 2000 Analysis Services Step-by-Step if you don't have any experience with the AS side. It's pretty fast and touches on the top level...
October 29, 2003 at 6:37 pm
You're not going to be able to restrict this on the SQL Server side, so far as I am aware. However, you can set up an IPSec policy that could...
October 29, 2003 at 6:30 pm
If you are seeing that few, you're probably right... what is likely is someone has coded a quick script with a few common passwords in order to try and see...
October 29, 2003 at 6:28 pm
I think there's a confusion on nomenclature on his part because he may not be familiar with SQL Server's login security mechanisms (or relative lack thereof).
Dictionary Attack: Trying a defined...
October 29, 2003 at 7:53 am
Profiler may tell you, but it's possible to spoof the workstation name.
If you set up an alert to fire when a failed login happens, you'll be able to get a...
October 28, 2003 at 2:46 pm
SET ROWCOUNT works, just Microsoft's recommendation is to use TOP.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
October 28, 2003 at 12:43 pm
If you're dealing with hashes, there shouldn't be any telling difference between:
ManchesterUnitedIs#1!
and
#1ManchesterUnited!
Therefore, you won't find Manchester at all. And since you can't find Manchester, you can only try all combos...
October 28, 2003 at 12:39 pm