Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
shaikhu
Starting Member
4 Posts |
 Posted - 2012-01-10 : 02:04:08
|
| Dear All, I have a business application (2 tier) in my environment and the backend is SQL database. I dont know what Platform is being used to develop this application. Somehow we end up in terminating the contract with the suppliers. I want to know that is there a way through which the vendors could access my servers and remove the application or stop access to it without me knowing. Please note that the vendor does not have any remote access to the server directly or through VPN or any other remote access tool and nor there are any license keys installed which required to be there for the application to work.I was thinking if they have some hard coded user names or passwords in the application through which they could login to the server and do something. But there is no remote access to the server unless and until provided intentionally.Need recommendations if any checks need to be performed.Please let me know if you can recommend to perform some checks to ensure that there Tks. |
|
|
Sachin.Nand
2937 Posts |
Posted - 2012-01-10 : 03:03:23
|
| I would identify the usernames which were shared with them and change the passwords.After Monday and Tuesday even the calendar says W T F .... |
 |
|
|
shaikhu
Starting Member
4 Posts |
Posted - 2012-01-10 : 04:49:50
|
| Thanks for the reply. Change the passwords of all the users in the application or in the database. What if I already changed those, still can they access from somehow and do any changes into the system? |
|
|
|
shaikhu
Starting Member
4 Posts |
Posted - 2012-01-10 : 05:15:10
|
| What I see in the SQL Management Studio, under logins there are two users created which I doubt are being used for their application (which is an accouting and HR application), If i change the password it might stop the application to work. My question is without changing the passwords and leaving it as it is, still can they access it somehow? |
|
|
|
Sachin.Nand
2937 Posts |
Posted - 2012-01-10 : 05:56:11
|
quote:
Originally posted by shaikhu
What I see in the SQL Management Studio, under logins there are two users created which I doubt are being used for their application (which is an accouting and HR application), If i change the password it might stop the application to work. My question is without changing the passwords and leaving it as it is, still can they access it somehow?
NoAfter Monday and Tuesday even the calendar says W T F .... |
|
|
|
shaikhu
Starting Member
4 Posts |
Posted - 2012-01-10 : 10:14:02
|
| Dear Sachin,Thank you very much for your answers. Another doubt I have is, what is the possibility of their application which is the front end having some codes embedded with the expiry dates coded which will trigger the system stop on certain dates? This is all assumptions but I am trying to protect and take necessary actions before the attack. |
|
|
|
|
|
|
Application Security - Remote Access