sathishkumar asked

Security in SQL Server 2000

Hi, I have a doubt about SQL permissions: I have traced a user using the sa account to log in to Enterprise Manager. Is it possible to block the user by using his hostname and NTusername?
sql-server-2000 security

Kev Riley answered
Not within SQL Server - if the user has the sa password, then that's how they will be identified - there will be no link to the NT username. If you know the hostname, and the user is outside a firewall, maybe you could do something on the firewall. In SQL2005 and above you can use logon triggers, but this won't be available to you in SQL 2000.
1 comment

Thank you so much
0 Likes 0 ·
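
The logon-trigger approach mentioned in the answer above for SQL 2005 and above, as an added example that is not part of the original thread. The trigger name and the allow-listed addresses are hypothetical; it needs SQL Server 2005 SP2 or later and does nothing for a SQL Server 2000 instance.

```sql
-- Added example (not from the thread). Requires SQL Server 2005 SP2 or later;
-- SQL Server 2000 has no logon triggers.
-- Hypothetical names: trg_restrict_sa_logon and the allow-listed addresses below.
USE master;
GO

CREATE TRIGGER trg_restrict_sa_logon
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- ClientHost is the address the server saw the connection come from
    -- ('<local machine>' for local connections). It is used here instead of
    -- HOST_NAME(), which is supplied by the client and can be set to any
    -- value in the connection string.
    DECLARE @client_host nvarchar(128);
    SET @client_host = EVENTDATA().value(
        '(/EVENT_INSTANCE/ClientHost)[1]', 'nvarchar(128)');

    IF ORIGINAL_LOGIN() = N'sa'
       AND @client_host NOT IN (N'<local machine>', N'192.0.2.10', N'192.0.2.11')
    BEGIN
        -- PRINT output from a logon trigger goes to the SQL Server error log,
        -- which leaves a record of each refused attempt.
        PRINT 'Blocked sa logon from ' + @client_host;
        ROLLBACK;  -- rolling back inside a logon trigger refuses the connection
    END
END;
GO

-- Recovery if the trigger ever locks out a legitimate administrator:
-- connect over the dedicated administrator connection (sqlcmd -A) and run
--   DROP TRIGGER trg_restrict_sa_logon ON ALL SERVER;
```

This only narrows where the shared sa password can be used from; anyone on an allow-listed host who knows the password still gets in.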
Håkan Winther answered
The easy solution to this is to change the password of the sa account and don't let anyone know. The sa account shouldn't be used if you care about security. Think of the SA password as your credit card number: if you give it to someone else you'll lose your money. :)
3 comments

I think everyone has made the same mistake at least once.
1 Like 1 ·
okay...thanks
0 Likes 0 ·
One more DBA had made this mistake
0 Likes 0 ·
Dave_Green answered
I've found that in a controlled (e.g. employee) user base this issue is best tackled with education - if you know why the user is using the sa credentials, you can explain to them the reasons why this isn't desirable - for them as well as you. Often such a conversation will leave both sides happier! It may not be malicious use, but it does need tackling as it is a security risk as mentioned by Hakan Winther above - and it's probably going to be your problem if the user drops a database or two! Of course, education is particularly effective with management support (so that your decision isn't later reversed by a higher authority on the grounds of a user's erroneous belief that they need the access to do their job), and a periodic change of the SA password.
1 comment

Thank you so much..
0 Likes 0 ·
