November 7, 2002 at 5:08 am
I have seen somewhere that the installation of service packs for SQL Server leaves a particular file on the local hard drive that contains logons and passwords in clear text.
Does anyone know the name of the file that contains this info. I'm due to install SP2 for a client and want to make sure that this problem is documented.
November 7, 2002 at 5:49 am
I seem to recall that happened in early SPs for SQL 7 and no mention of the same in SQL 2000. However, I usually delete the files in the temp folder after reboot. But then also search for .log, .sql and .txt files related to sql and look in them or search for the password string against them to be safe.
November 7, 2002 at 7:17 am
Here you go:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263968&
The Knowledge Base article on the issue. If you are wondering if a particlar system has the file still left over, run Microsoft's Baseline Security Analyzer to check (available at the security site http://www.microsoft.com/security). While MBSA has some flaws, it does perform the check for the file (it won't analyze the file) to see if it is on the system if you choose to scan SQL Server.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
November 25, 2002 at 5:32 am
search for killpwd.exe
from MS :
Microsoft has created the KillPwd.exe command utility to search Microsoft® SQL Server™
setup files for the System administrator (sa) login password. If the KillPwd.exe command
utility finds an occurrence of the sa password, the sa password is removed from the log
file. By default, the tool searches the Sqlsp.log, Sqlstp.log, and Setup.iss files in
the %Windir%\Temp and %Temp% folders, where %Windir% and %Temp% are environment variables
that are defined by Microsoft Windows®. The Sqlsp.log and Sqlstp.log files are created
by the SQL Server setup program to log the progress of the SQL Server installation. The
Setup.iss file, also created by the SQL Server setup program, is used for unattended
installations. For more information about the Sqlsp.log and Sqlstp.log files, and
unattended installations, consult your SQL Server documentation.
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply