We are running MS SQLServer 7.0 with ASP on Win 2k Server.
Today suddenly the Web server couldn't connect to the DB Server
because the password for sa was wrong.
We found out that the password was changed.
Is it some kind of hacking thing or just normal password expiration?
The same thing happended several month ago.
Thanks.
SamSam Kong (ssk@.chol.net) writes:
> We are running MS SQLServer 7.0 with ASP on Win 2k Server.
> Today suddenly the Web server couldn't connect to the DB Server
> because the password for sa was wrong.
> We found out that the password was changed.
> Is it some kind of hacking thing or just normal password expiration?
> The same thing happended several month ago.
There is no password expiration in SQL7. So that means that somebody
changed the password for you.
I would recommend that you change to Windows Authentication and turn
off SQL Authentication. I would also recommand that the web server
does not log with an account that has sysadm privileges. Preferrably
it should no special rights, but access to the SQL objects it needs
to access. (And that should ideally only be stored procedures!).
Finally, if the SQL Server is exposed on the Internet, you should
stick it behind a firewall.
All these precautions increase your security and decreases the risk
for malign attacks.
--
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techin.../2000/books.asp
No comments:
Post a Comment