Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
esthera
Master Smack Fu Yak Hacker
1410 Posts |
 Posted - 2005-11-16 : 04:52:24
|
| i had an mssql db that was hacked.how can i restrict those who access the db through enterprise manager by ip address?Of course the data pulled out in asp needs to be available to the asp on other servers.any other important security measures i should know about to keep a mssql db from being hacked? |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-11-16 : 05:32:12
|
| change the default settingschange the standard account passwordsforce change the windows account passwordsturn on c2 auditing on that serverif you've identified the ip address or subnet, ask your netadmin to block those addressesrestrict user permissions to only what is appropriate - avoid db_datareader and db_datawriterenforce use of stored procedures and functionsHTH--------------------keeping it simple... |
 |
|
|
esthera
Master Smack Fu Yak Hacker
1410 Posts |
Posted - 2005-11-16 : 06:03:29
|
| any webpages you can recommend to give more info on how to do the above? |
|
|
|
|
|
|
limiting ip's of server