SQL Server Security Top 10

Heres the real basics, how to stop up all the little holes, at the very least you should:

  1. NEVER leave the sa passwd blank!
  2. Using Integrated security – to enforce passwd policies such as min length and reuse.
  3. Abstract the users – a level by only allowing stored procedures to access tables.
  4. Use views – to further abstract the users if possible.
  5. Use only Integrated Security and Named Pipes where ever possible.
  6. Avoid TCP/IP – if at all possible.
  7. Disable stored procedures – such as xp_cmdshell.
  8. Learn the difference – between logins and users and remove as many rights from guest as possible.
  9. Enforce – a security policy and audit levels.
  10. Change the default database – from master to something else.

Copyright ) 1998-99 G.h.van den Berg. All rights reserved.
These pages may not be resold or redistributed without prior written permission from Guy van den Berg

Previous articlesp_resetstatusflag.sql
Next articlesp_export65.sql

Latest Articles