As I prepare for SQL Security presentation, I realized when I logged into
SQL using Query Analyzer, the password I typed was not case sensitive. I
know changing the character set to case sensitive would have solve that
issue but it would have effected other databases and my application as well.
What technique is used by SQL to retrieve and used the stored encrypted in
the system tables(syslogins)
/Gill
-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill (at) gilltechnologies (dot) com [email concealed]]
Sent: Sunday, February 08, 2004 11:25 PM
To: 'focus-ms (at) securityfocus (dot) com [email concealed]'
Subject: Looking for SQL security details
Greetings
I am preparing for a "10 Steps To Help Secure SQL Server 2000" presentation.
I would have to carry out demos of vulnerabilities, hacks, break-in. All I
have are microsoft Security Guides. They aren't efficient enough for a
full-blown demos.
Please advice how do I begin.
Regards
Gill
------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Greetings,
As I prepare for SQL Security presentation, I realized when I logged into
SQL using Query Analyzer, the password I typed was not case sensitive. I
know changing the character set to case sensitive would have solve that
issue but it would have effected other databases and my application as well.
What technique is used by SQL to retrieve and used the stored encrypted in
the system tables(syslogins)
/Gill
-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill (at) gilltechnologies (dot) com [email concealed]]
Sent: Sunday, February 08, 2004 11:25 PM
To: 'focus-ms (at) securityfocus (dot) com [email concealed]'
Subject: Looking for SQL security details
Greetings
I am preparing for a "10 Steps To Help Secure SQL Server 2000" presentation.
I would have to carry out demos of vulnerabilities, hacks, break-in. All I
have are microsoft Security Guides. They aren't efficient enough for a
full-blown demos.
Please advice how do I begin.
Regards
Gill
------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
------------------------------------------------------------------------
---
[ reply ]