SQL Server Security Top 10

May 6, 1999

Here are the real basics of how to plug all the little holes. At the very least you should:

  1. NEVER leave the sa password blank!
  2. Use Integrated Security - to enforce password policies such as minimum length and reuse.
  3. Abstract the users a level - by only allowing stored procedures to access tables.
  4. Use views - to further abstract the users if possible.
  5. Use only Integrated Security and Named Pipes wherever possible.
  6. Avoid TCP/IP - if at all possible.
  7. Disable stored procedures - such as xp_cmdshell.
  8. Learn the difference - between logins and users and remove as many rights from guest as possible.
  9. Enforce - a security policy and audit levels.
  10. Change the default database - from master to something else.
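
Items 3 and 4 in practice, as an added example that is not part of the original page: the application role gets EXECUTE on a procedure and SELECT on a view, and nothing on the base table. All object names are hypothetical, the data row is constructed, and the syntax is current T-SQL (CREATE USER, EXECUTE AS) rather than what shipped in 1999.

```sql
-- Added example; run in a scratch database. All names are hypothetical.
CREATE TABLE dbo.Orders (
    OrderID    int         NOT NULL PRIMARY KEY,
    CustomerID int         NOT NULL,
    CardNumber varchar(19) NOT NULL,   -- sensitive column, never exposed directly
    Total      money       NOT NULL
);
INSERT INTO dbo.Orders VALUES (1, 100, '0000-0000-0000-0000', 25.00);  -- constructed row
GO

-- Item 4: the view exposes only the non-sensitive columns.
CREATE VIEW dbo.v_OrderSummary AS
    SELECT OrderID, CustomerID, Total FROM dbo.Orders;
GO

-- Item 3: the procedure is the access path; input arrives as a typed parameter.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer @CustomerID int AS
    SELECT OrderID, Total FROM dbo.Orders WHERE CustomerID = @CustomerID;
GO

-- A role for application users and a test principal with no login.
CREATE ROLE app_users;
CREATE USER app_reader WITHOUT LOGIN;
EXEC sp_addrolemember 'app_users', 'app_reader';

-- Grant only the abstraction layer. No permission is granted on dbo.Orders.
GRANT SELECT  ON dbo.v_OrderSummary           TO app_users;
GRANT EXECUTE ON dbo.usp_GetOrdersForCustomer TO app_users;
GO

-- Check the result from the restricted user's point of view.
EXECUTE AS USER = 'app_reader';
EXEC dbo.usp_GetOrdersForCustomer @CustomerID = 100;  -- allowed via the procedure
SELECT OrderID, Total FROM dbo.v_OrderSummary;        -- allowed via the view
BEGIN TRY
    SELECT CardNumber FROM dbo.Orders;                -- direct table access is refused
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();                            -- permission-denied message
END CATCH;
REVERT;
```

This relies on ownership chaining: the table, view and procedure share one owner (dbo), so the caller's rights on the table are not checked. Dynamic SQL inside a procedure breaks the chain and would need table permissions again.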

Copyright © 1998-99 G.h.van den Berg. All rights reserved.
These pages may not be resold or redistributed without prior written permission from Guy van den Berg