Viewing 15 posts - 76 through 90 (of 6,104 total)
If there are other DBs which are legitimately accessible by users, you can't.
If there aren't, and if you can get authorization to modify your firewall policy on the server, then...
K. Brian Kelley
@kbriankelley
May 21, 2013 at 4:49 pm
If they're in a Windows security group, you can add the group as a login and deny permission to connect to the SQL Server.
However, this is usually seen as a...
K. Brian Kelley
@kbriankelley
April 30, 2013 at 11:08 am
In this scenario you would want to look at setting up a separate database instance. You could even run on the same server.
K. Brian Kelley
@kbriankelley
March 12, 2013 at 9:33 am
Michael Meierruth (3/6/2013)
paul.knibbs (3/6/2013)
SQLCharger (3/6/2013)
Guys, would this also work with Windows hashes as well?
That would be even more scary (if someone manages to get your Windows hash from a server).
There's...
K. Brian Kelley
@kbriankelley
March 6, 2013 at 7:32 am
paul.knibbs (3/4/2013)
Wayne Evans-440401 (3/4/2013)
K. Brian Kelley
@kbriankelley
March 5, 2013 at 3:41 pm
TravisDBA (3/4/2013)
Geoff A (3/4/2013)
TravisDBA (3/4/2013)
Please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and...
K. Brian Kelley
@kbriankelley
March 5, 2013 at 3:36 pm
They are named the same, but they aren't the same. There is a role called db_datareader and there is a schema called db_datareader. This is a holdover from the SQL...
K. Brian Kelley
@kbriankelley
March 4, 2013 at 12:17 pm
If it's sysadmin level, likely it doesn't own any objects as it would have mapped in as dbo to each database. What you can do:
- query sys.database_principals in each DB...
K. Brian Kelley
@kbriankelley
February 28, 2013 at 10:26 am
I have an article on here that talks about Kerberos authentication:
Configuring Kerberos Authentication
That's a good starting point to understand what is happening.
K. Brian Kelley
@kbriankelley
February 25, 2013 at 1:02 pm
When the OS can't validate who you are, you are NT AUTHORITY\ANONYMOUS LOGON. You typically see this in double hop situations like when you have a client connecting to SSRS...
K. Brian Kelley
@kbriankelley
February 25, 2013 at 9:50 am
I've not personally used it as I prefer native solutions as well. However, the company has been around forever with the xp_crypt production. That might be more of a name...
K. Brian Kelley
@kbriankelley
February 21, 2013 at 12:29 pm
Organizational Units:
Organizational Units (OU) are a structure within an Active Directory domain that allows for security delegation within Active Directory itself as well as segmenting GPO deployment. You don't need...
K. Brian Kelley
@kbriankelley
February 20, 2013 at 1:38 pm
Remember that auditing firms make an attestation as to whether you're in compliance. That attestation is basically a statement of confidence. So, yes, it's entirely possible one firm would require...
K. Brian Kelley
@kbriankelley
February 19, 2013 at 1:47 pm
Marie, you could certainly do that, but if the app uses the stored procedure, then the attacker can use it to do what the stored procedure is capable of. The...
K. Brian Kelley
@kbriankelley
February 18, 2013 at 9:38 am
David, I would agree with you that SQL injection attacks should be old news. The problem is they aren't. For instance, the discovery of serious SQL injection vulnerabilities for Ruby...
K. Brian Kelley
@kbriankelley
February 18, 2013 at 9:12 am