Consider I have a DB like that. And there is a stored procedure in it that shouldn't be all too public. How safe is it?
Or rephrased: how hard is it to break into such a DB?
Matter of days, hours, minutes? Skill required?
thanks,
Helger
Consider I have a DB like that. And there is a stored procedure in it that shouldn't be all too public. How safe is it?
Or rephrased: how hard is it to break into such a DB?
Matter of days, hours, minutes? Skill required?
thanks,
Helger
MSSqlServer 2k is very secure.. But just as with anything.. if someone is REALLY targetting you, they will find a way in
Make sure you are hiding all of your connection strings and not letting them get out into the open
Change your password on a regular basis and only have 1 user with access, you! (no back door)
-mcd
:) Just how secure is very secure? Any guesses as to how hard it really is to get into a DB (like measured in time or skill or whatever)?
Helger
Well.. that depends on how secure your network is... If your network is tight, then its harder.. if not, then someone who is targeting you could fairly easily get into your db.. if they can get access to a file that has the connection string with the user/pw in it.. its all down hill from there.
how long would it take to hack into your network/webserver? add about 2 minutes to that
-mcd
:rolleyes: I'm not interested in network security, sorry. suppose someone has the whole thing somehow on his computer or is sitting right at the server-computer. Now let him try to open the whole thing.
Question: did you ever try this yourself?
thx for the replies,
Helger
SQL Server 2000 allows your to grant permissions on an object basis. For example, you could let client X only be able to execuate a particular sproc (stored procedure) and not able to do a damn thing else. There are two types of authentication when dealing with SQL Server 2000: Windows Authentication and SQL Server 2000. Since SQL Server 2000 is so tightly integrated with Windows, I would rely on windows authentication.
www.sqlsecurity.com is a good link.
If someone is locally logged on to the SQL Server, they could potentially just delete the database files on the hard disk if they have permission. Physical access is a big security hole -- they could just wear boots and kick the computer.:D