We are a small hosting company and have Windows servers only. For database solutions we have always offered mySQL for reasons of costs. Last week we were 'forced' to get MS-SQL for some clients. We know of MS-SQL, but never used it because of the high costs.
Now that we have it and knowing it was enterprise class we expected great things and we quickly became very disappointed with it.
1) Within a week of operation we had several hacking attempts. With mySQL we never had one attempt. We have to firewall the offending IPs to prevent further abuse.
2) There is no way to IP restrict an account, like the sa account where most hacking attempts were focused on. Why can you not have the sa account to be local access only!
How do other hosting companies deal with this, because we obviously need the MS-SQL port open so clients can access their database?
I have worked in a bank with 66 SQL Servers running 24/7. You have to create one account for the MSSQL Server service and one for SQL Server Agent; the Agent account must have more rights than the other. You may also create another account for all your SQL permissions because you are a web hosting company. So you need only three service accounts for all your SQL Server installations. The MSSQL Server service and SQL permissions accounts can be restricted, but you cannot restrict the SQL Server Agent account because so many services in SQL Server are dependent on it. Microsoft did not come up with these things; they were forced by ANSI SQL users. When a system is resource starved it will not work. You can disable or rename the sa account, but leave the guest account alone; it can break your system. Hope this helps.
SWD
security with SQL server 2000??
Apr 14, 2005 04:43 AM
Caddre
Re: security with SQL server 2000??
Apr 15, 2005 03:54 AM
Gift Peddie
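
The question in this thread describes firewalling the addresses behind repeated failed sa logins. As an added example (not part of the original thread), this Python script counts failed logins per client from SQL Server error-log text and returns the clients that cross a threshold. It assumes log lines that carry the client address in a `[CLIENT: ...]` suffix (the format SQL Server 2005 and later write); the sample lines, the function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Matches a failed-login line and captures the login name and client address.
FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'\..*?\[CLIENT: (?P<ip>[^\]]+)\]"
)


def _line(user, client):
    """Build one constructed error-log line (assumed format, see lead-in)."""
    return (f"2005-04-14 04:41:02.11 Logon       "
            f"Login failed for user '{user}'. [CLIENT: {client}]")


# Constructed sample log: documentation-range addresses, hypothetical logins.
SAMPLE_LOG = "\n".join(
    [_line("sa", "203.0.113.7")] * 4
    + [_line("SA", "203.0.113.7")]             # login names are case-insensitive
    + [_line("sa", "198.51.100.23")] * 2       # below the default threshold
    + [_line("client_db1", "192.0.2.50")] * 3  # customer mistyping a password
    + [_line("sa", "<local machine>")] * 3     # local failures are never blocked
    + ["2005-04-14 04:42:10.00 Server      "
       "SQL Server is now ready for client connections."]
)


def failed_logins(log_text):
    """Yield (login, client) for every failed-login line in the log text."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("user").lower(), m.group("ip").strip()


def offenders(log_text, threshold=3, watched=("sa",),
              allow=("<local machine>", "127.0.0.1")):
    """Return {client: failures} for clients at or above the threshold.

    Only failures against the watched logins count, and clients on the
    allow list are skipped so the server never ends up blocking itself.
    """
    counts = Counter(
        ip for user, ip in failed_logins(log_text)
        if user in watched and ip not in allow
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(offenders(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} failed sa logins")
```

Counting only the watched logins keeps a customer who mistypes their own password off the block list.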