Viewing 15 posts - 3,901 through 3,915 (of 6,104 total)
Just as a footnote... Even if a server is set for Windows Authentication, you can set the sa password. Always a good idea. Changing SQL Server from Windows auth to...
K. Brian Kelley
@kbriankelley
November 13, 2003 at 9:24 am
That's correct, it forces the sa password to be set if it was blank, but it did not check its strength.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server...
K. Brian Kelley
@kbriankelley
November 13, 2003 at 7:29 am
If you have other logins with sysadmin rights, you don't have a need for anyone to logon with the sa account. In fact, you don't want anyone to do so...
K. Brian Kelley
@kbriankelley
November 13, 2003 at 7:21 am
You may not need to remember it, but you surely want to audit its change.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
November 12, 2003 at 11:01 am
No, not unless the user is the table owner. Is the DELETE operation too intensive?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
November 11, 2003 at 12:56 pm
To the OS, no. Does it require sysadmin rights within SQL Server? Yes.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql/in_overview_6k1f.asp
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
November 3, 2003 at 6:32 am
SQLBill makes a good point even if the attacks have "stopped." We do penetration testing on our internal systems but we tend to alert ahead of time. I'm sure we'll...
K. Brian Kelley
@kbriankelley
October 31, 2003 at 12:16 pm
A good starting book is SQL Server 2000 Analysis Services Step-by-Step if you don't have any experience with the AS side. It's pretty fast and touches on the top level...
K. Brian Kelley
@kbriankelley
October 29, 2003 at 6:37 pm
You're not going to be able to restrict this on the SQL Server side, so far as I am aware. However, you can set up an IPSec policy that could...
K. Brian Kelley
@kbriankelley
October 29, 2003 at 6:30 pm
If you are seeing that few, you're probably right... what is likely is someone has coded a quick script with a few common passwords in order to try and see...
K. Brian Kelley
@kbriankelley
October 29, 2003 at 6:28 pm
I think there's a confusion on nomenclature on his part because he may not be familiar with SQL Server's login security mechanisms (or relative lack thereof).
Dictionary Attack: Trying a defined...
K. Brian Kelley
@kbriankelley
October 29, 2003 at 7:53 am
Profiler may tell you, but it's possible to spoof the workstation name.
If you setup an alert to fire when a failed login happens, you'll be able to get a...
K. Brian Kelley
@kbriankelley
October 28, 2003 at 2:46 pm
SET ROWCOUNT works, just Microsoft's recommendation is to use TOP.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
October 28, 2003 at 12:43 pm
If you're dealing with hashes, there shouldn't be any telling difference between:
ManchesterUnitedIs#1!
and
#1ManchesterUnited!
Therefore, you won't find Manchester at all. And since you can't find Manchester, you can only try all combos...
K. Brian Kelley
@kbriankelley
October 28, 2003 at 12:39 pm
If it's not showing Hai, what is it showing?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
October 28, 2003 at 11:47 am
Viewing 15 posts - 3,901 through 3,915 (of 6,104 total)