SQL Server security: Authentication

SQL Server security has been bolstered by the application's handling of authentication and permissions. In recent years, SQL Server customers have demanded stronger authentication and more granular permissions. In SQL Server 2000 and below, it was frequently difficult to configure SQL Server to run under a service account with low privileges. For example, both SQL Server Full-Text Search and replication required (by default) administrator access to the machine.

If a machine running under elevated security privileges was exploited by a buffer overflow attack (such as slammer), the hacker would have complete rights over the Windows machine running the compromised SQL Server. If this SQL Server account was running under a domain account, the hacker would have network privil

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Relational Database Management Systems (RDBMSes) Troubleshooting a failed SQL Server 2008 installation Microsoft SQL Server 2008 guide Oracle Database 11g study guide Federated databases Metadata Basics Oracle RAC troubleshooting advice and application migration tips Oracle Database 11g tutorial Systems products to pay attention to Reasons to upgrade to SQL Server 2008 SQL Server security: Enhancements in encryption, authentication and auditing Database Management Services Troubleshooting a failed SQL Server 2008 installation Microsoft SQL Server 2008 guide Oracle Database 11g study guide FAQ: SQL Server 2008 high-availability services High-availability options in SQL Server 2008 Bridging the IT/business gap in business intelligence projects Business intelligence consulting: Problems and solutions Data management concerns of MDM-CDI architecture SSIS brings business intelligence services prospects Oracle RAC troubleshooting advice and application migration tips

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

eges and could compromise other machines on the network that also ran under this account or machines that had granted rights to the compromised SQL Server account. If the compromised SQL Server ran under a domain account, the hacker would have administrator privileges to the entire domain.

To prevent this from happening, SQL Server 2005 was locked by the use of five features:

In SQL Server 2008, SAC's functionality was been absorbed into the SQL Server Configuration Manager. The other security features discussed above remain in SQL Server 2008. You should examine your clients' SQL Server installations to ensure that they are following security best practices and educate them on these authentication and permissions features.

Go to page: 1 - 2 - 3