February 20, 2005 at 12:20 am
I want to know how I can protect my SQL Server database. SQL Server 2000 does not have Database Encryption feature and using only Authentication is not a fool-proof solution, as far as stand-alone desktop application is concerned.
Does password protection of SQL Server 2000 database really works when you have all types of cracking tools widely available on the net?
"Here is a test to find out whether your mission in life is complete. If you're alive, it isn't. "
Richard Bach
February 21, 2005 at 2:10 am
A great place to start is to read Brian Kelley's article on that topic:
http://www.sqlservercentral.com/columnists/bkelley/allarticles.asp or visit http://www.sqlsecurity.com
Here are some more links:
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec03.mspx
--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]
February 21, 2005 at 3:17 am
hi Richard,
Basic security concepts that will help you secure your server quickly - disable all network protocols that are not required. If using TCP change the port from 1433 - also hide the server from being polled by SQL EM. Also have you considered SQL over SSL if you are accessiong via http. Make sure you have a very strong sa password and that apps do not use sa. Use groups and only give them the privileges they need.
Hope this helps.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply