SQL Server Security Top 10

May 6, 1999

Here are the real basics for plugging all the little holes. At the very least you should:

  1. NEVER leave the sa password blank!
  2. Use Integrated Security to enforce password policies such as minimum length and reuse.
  3. Abstract the users a level by allowing only stored procedures to access tables.
  4. Use views to further abstract the users if possible.
  5. Use only Integrated Security and Named Pipes wherever possible.
  6. Avoid TCP/IP if at all possible.
  7. Disable stored procedures such as xp_cmdshell.
  8. Learn the difference between logins and users, and remove as many rights from guest as possible.
  9. Enforce a security policy and audit levels.
  10. Change the default database from master to something else.
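
The checklist above can be checked against a running server with a few read-only queries. The script below is an added example, not part of the original article; it assumes the catalog views and functions of SQL Server 2008 or later, which postdate this page, and a login with sysadmin-level rights.

```sql
-- Added example, not from the original article. Read-only; changes nothing.
-- Assumes SQL Server 2008+ catalog views and a login with sysadmin or
-- equivalent rights (CONTROL SERVER / VIEW SERVER STATE).

-- Items 1 and 2: SQL logins with a blank password or exempt from password policy.
SELECT name,
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 'BLANK' ELSE 'set' END AS password_state,
       is_policy_checked,
       is_expiration_checked,
       is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR is_policy_checked = 0;

-- Item 5: 1 = Windows (integrated) authentication only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS integrated_only;

-- Items 5 and 6: transports and authentication schemes of current connections.
SELECT net_transport, auth_scheme, COUNT(*) AS connections
FROM sys.dm_exec_connections
GROUP BY net_transport, auth_scheme;

-- Item 7: xp_cmdshell should report value_in_use = 0 (disabled).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- Item 8: everything granted to guest in the current database.
-- Run once per database; securable_name is meaningful only when
-- class_desc = 'OBJECT_OR_COLUMN' and is NULL for database-level permissions.
SELECT pe.state_desc, pe.permission_name, pe.class_desc,
       OBJECT_NAME(pe.major_id) AS securable_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'guest';

-- Item 10: logins whose default database is still master.
SELECT name, type_desc, default_database_name
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')   -- SQL login, Windows login, Windows group
  AND default_database_name = 'master';
```

Any row from the first or last query, and any value other than 0 from the xp_cmdshell query, is a finding against the list.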

Copyright © 1998-99 G.h.van den Berg. All rights reserved.
These pages may not be resold or redistributed without prior written permission from Guy van den Berg.
