December 15, 2003 at 12:21 pm
I've been asked the following questions, but I'm not sure how to respond:
Can the SQL sa password be sniffed over the network?
Is the sa password encrypted when connecting through ODBC?
Thank you
December 15, 2003 at 12:47 pm
Yes, the sa password can be sniffed over the network if you're not using SSL or IPSec. It is encrypted when connecting via ODBC, but the encryption is weak and rather trivial to break:
http://www.sqlservercentral.com/columnists/bkelley/sqlserversecurityloginweaknesses.asp
K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
December 15, 2003 at 1:37 pm
Thank you for your reply.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply