What do you mean by:

quote:

---

(they are secured out of master and model, might be msdb)

---

K....

We are. Workstation and GSX. I have a SQL Server Active/Passive Cluster using GSX built for testing with Active Directory.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide...

This recent flurry of vulnerabilities shows the validity of that sort of thinking. Got all 3 from NTBugTraq. Got 3 from several of the security newsgroups. Only got 2 from...

Okay. What happens if you fire up QA and use the sa account from a client in Domain A?

Trying to narrow this down.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to...

If I remember right, ENCRYPT() is a one-way function. You can't use it to decrypt the ciphertext (encrypted) string. Also, you probably want to avoid using this function if you...

What happens if you try and connect as sa using Query Analyzer from the client? Same issue?

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

I'll second Allen.

Don't use any of the typical tools that work great on a non-clustered system. You must treat clusters differently because you have two (or more) servers that are...

The batch separator only applies to the client. What Query Analyzer does is it recognizes the batch separator and that determines how it breaks up its submissions to SQL Server....

Workstation will only support Personal or Developer Editions for the server pieces. These links may help:

http://www.microsoft.com/sql/evaluation/overview/default.asp

http://www.microsoft.com/sql/techinfo/planning/SQLResKChooseEd.asp

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

Might be a double hop issue. What happens if a user connects directly to the SQL Server using a client such as Query Analyzer?

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide...

I don't put a lot of trust in getting everything sent from any one source. So I sign up for multiple ones.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to...

3 came from NTBugTraq. 2 of them I got from Microsoft as well.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

There were 3 that came out yesterday. I'm on several different security lists. But here are two good ones:

NTBugTraq:

http://www.ntbugtraq.com/

Microsoft Security Notification Service:

http://register.microsoft.com/regsys/pic.asp

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL...

Ah, good point. I went and reread the @Stake advisory. xp_file_exists is just one of the easiest methods to exploit the vulnerability.

SP4 has a lot of security patches in it....

I'm much in agreement with Chris's differentiator: state.

Web applications can have code executing on the workstation, even through the web browser. Examples are java applets, ActiveX controls, and even...