sql777
Constraint Violating Yak Guru
314 Posts |
Posted - 2002-07-23 : 19:53:58
|
| I read somewhere that SQL Server passwords can be hacked fairly easily using a brute force of some kind. What measures should one take in securing a server on a webserver? Would it be possible to restrict any connections to the SQL Server only to a certain I.P. address (connecting with EM or Query Analyzer)? Any other tips? |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2002-07-23 : 20:08:05
|
| There is a vulnerability in SQL Server's password encryption: http://www.sqlteam.com/redir.asp?ItemID=10075 However, it seems a little less vulnerable than might first be suggested. You can always configure your SQL Server to use Windows authentication only. AFAIK Windows passwords are more secure and can take advantage of more advanced security features, like minimum password length and enforced password changes, that SQL logins cannot. There is also Windows system auditing as well as SQL Server auditing when using Windows authentication. Windows accounts can also be configured to limit access, so even if your web server gets hacked, your SQL Server can still be safe, and vice versa. You can set up various software to block IP addresses, but this is a separate function from SQL Server. Proxy servers and firewalls could accomplish this as well. |