Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2005-12-09 : 07:01:01
|
| satish writes "Hi,I would like to know the table/log which is populated by the SQL SERVER when failed attemps to login a SQL SERVER using SQL INJECTION IS done. users may try to log into a sql server using SQL INJECTION . He may succeed after some failed attempts .I would like to write a code which would monitor for any illegal login attemps and inform the administrator .Can anyone tell the log file / table which contains information regarding failed login attemps." |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2005-12-09 : 07:10:30
|
| There is no table in SQL Server that holds these events. You can configure your SQL Server to audit login attempts. In Enterprise Manager, right-click the server, choose Properties, Security tab, and choose the audit level you prefer. The SQL Server error log would show when logins were attempted and whether they failed or not.You can also set an alert on your SQL Server for failed login events. These can be set up through Enterprise Manager under Management, SQL Server Agent, Alerts. You'd want to create an alert for and error message containing "login". This may be less desirable if there are many login attempts, it could flood the admin's email if you're being attacked by a worm or something.By the way, SQL injection cannot be used to attempt a login. SQL injection is a technique to modify or add SQL commands to an existing command; the connection is already attempted, and would likely succeed. The app would unlikely be deployed if the connections always failed. Login attempts would be made by worms or hackers without trying to piggyback on an existing application. |
 |
|
|
|
|
|
Parse errors generated due to Sql Injection