We have 5 sql server 2000 server boxes. We also have several people who have
sql server 2000 on their workstations. I work on keeping the servers secure
but I have no idea what people do on their workstations. I'm wondering if
there is a security risk to having an unsecure sql server workstation. If
someone can get on one of the workstations (say sa doesn't have a password)
does that make it any easier to possibly get to one of the servers?
Thanks,
--
Dan D.

Dan,
SQL Server on a workstation still is rights constrained. So it is all about
the rights the person has either through his own login or through other
logins to which he knows the passwords.
If a person is running a desktop SQL Server with the same service account as
your production SQL Server, then you have a security problem. (But the real
problem may be that he has that information.)
If a person is running his desktop SQL Server as himself _and_ he has no
extraordinary rights to the production SQL Server, then there should be no
added exposure.
Getting into the workstation as 'sa' does not map to 'sa' on another machine
through a linked server unless the passwords are identical. (I believe that
is the exposure.) But I trust that your production SQL Server does not have
a blank or easily guessed password.
However, if a person has rights to data he could insert it into his desktop
database, which might be a security breach. Of course, he could insert it
into an Access MDB, an Excel spreadsheet, and so forth.
It is important to control rights carefully _and_ to have clear policies on
what is allowed and not allowed with the company data and for whom it is
allowed.
RLF
"Dan D." <DanD@.discussions.microsoft.com> wrote in message
news:97601E73-7DF0-4B12-9CA8-2ED2158A0456@.microsoft.com...
> We have 5 sql server 2000 server boxes. We also have several people who have
> sql server 2000 on their workstations. I work on keeping the servers secure
> but I have no idea what people do on their workstations. I'm wondering if
> there is a security risk to having an unsecure sql server workstation. If
> someone can get on one of the workstations (say sa doesn't have a password)
> does that make it any easier to possibly get to one of the servers?
> Thanks,
> --
> Dan D.

That's what I thought. I just wanted to be sure that I wasn't missing
something. Thanks Russell.
--
Dan D.
"Russell Fields" wrote:
> Dan,
> SQL Server on a workstation still is rights constrained. So it is all about
> the rights the person has either through his own login or through other
> logins to which he knows the passwords.
> If a person is running a desktop SQL Server with the same service account as
> your production SQL Server, then you have a security problem. (But the real
> problem may be that he has that information.)
> If a person is running his desktop SQL Server as himself _and_ he has no
> extraordinary rights to the production SQL Server, then there should be no
> added exposure.
> Getting into the workstation as 'sa' does not map to 'sa' on another machine
> through a linked server unless the passwords are identical. (I believe that
> is the exposure.) But I trust that your production SQL Server does not have
> a blank or easily guessed password.
> However, if a person has rights to data he could insert it into his desktop
> database, which might be a security breach. Of course, he could insert it
> into an Access MDB, an Excel spreadsheet, and so forth.
> It is important to control rights carefully _and_ to have clear policies on
> what is allowed and not allowed with the company data and for whom it is
> allowed.
> RLF
> "Dan D." <DanD@.discussions.microsoft.com> wrote in message
> news:97601E73-7DF0-4B12-9CA8-2ED2158A0456@.microsoft.com...
>
>
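
An audit an administrator could run on each instance, workstation or server, to check the points raised in this thread: SQL logins with a blank password, who holds sysadmin, and which linked-server login mappings exist. This is an added example, not part of the original posts; it assumes the SQL Server 2000 system view `master.dbo.syslogins` and must be run by a sysadmin on the instance being checked.

```sql
-- Added example (not from the thread). SQL Server 2000 syntax.
-- Run from Query Analyzer while connected to the instance being audited.

-- 1. SQL Server logins that have no password set.
--    Windows logins also show a NULL password here, so they are
--    filtered out with isntname = 0.
SELECT name AS login_with_blank_password
FROM   master.dbo.syslogins
WHERE  isntname = 0
  AND  password IS NULL

-- 2. Every login that is a member of the sysadmin fixed server role.
--    Anyone listed here has full control of this instance, including
--    the ability to define linked servers and login mappings.
SELECT name     AS sysadmin_login,
       isntname AS is_windows_login
FROM   master.dbo.syslogins
WHERE  sysadmin = 1

-- 3. Linked servers defined on this instance.
EXEC sp_linkedservers

-- 4. Login mappings for those linked servers.
--    A row with a remote login named means a stored remote credential
--    is used; a self-mapping row means the caller's own credentials
--    are passed to the remote server.
EXEC sp_helplinkedsrvlogin
```

A workstation instance that returns `sa` in the first result set, or that lists a production server in the third with a stored remote login in the fourth, is the case to follow up on.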