  1. #1
    Join Date
    Aug 2003
    Posts
    2

    Unanswered: Remote Laptop SA Password

    Hi All,

    We have remote users using SQL Server 7 on laptops. They use a VB app and replicate with the main server.

    I have just discovered they have weak passwords on their sa account.
    Others are suggesting that the laptops do not need strong passwords for their sa account as they are only subscribers. Are they talking rubbish?

    Thanks,
    JJC

  2. #2
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    You may want to give a look at the article in BOL about xp_cmdshell. Basically, if a dba (or many programmers for that matter) can get your sa password, that dba/programmer can own your laptop. There was a virus that searched the internet for SQL Servers that had no sa password, and it was shockingly effective.

    If the laptops are only subscribers, and you do not allow anonymous pull subscriptions, you should be ok at the central server, but those laptops really should have their security beefed up.

  3. #3
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    END USERS SHOULD NOT BE USING SA ACCOUNTS!

    Even DBAs shouldn't be using the SA account!

    Even System Administrators should not use the SA account! They should set up an account that grants themselves only the permissions necessary to do their day-to-day tasks, and only log in as SA when absolutely necessary. Otherwise, sooner or later you WILL do something you wish that you hadn't. Don't think of user accounts as restrictions. Think of them as safeguards!

    Give all your users SQL logins or NT logins, and then change your sa password.

    blindman

  4. #4
    Join Date
    Jul 2003
    Location
    San Antonio, TX
    Posts
    3,662
    If possible, set your users' laptops to Windows Authentication only. This way you'll come out clean without having to remember each laptop's SA password, or having to create a user on each laptop.
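
The steps suggested in replies #3 and #4, sketched in T-SQL as an added example that is not part of any post in the thread. It uses SQL Server 7.0-era system procedures; `LAPTOP01\jsmith` and `SalesDb` are placeholder names, and the blank-password query assumes the 7.0/2000 `master..syslogins` layout.

```sql
-- Added example. LAPTOP01\jsmith and SalesDb are placeholders, not names from the thread.

-- 1. Which authentication mode is this instance in?
--    config_value is 'Mixed' or 'Windows NT Authentication'.
EXEC master..xp_loginconfig 'login mode'
GO

-- 2. Who holds the sysadmin role besides sa? Each member can run
--    xp_cmdshell, so this list should be as short as possible.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- 3. Standard (SQL) logins that still have a blank password.
--    Assumption: SQL Server 7.0/2000 syslogins view, where a blank
--    password is stored as NULL.
SELECT name
FROM master..syslogins
WHERE isntname = 0
  AND password IS NULL
GO

-- 4. Give the laptop user a Windows (NT) login instead of sa.
EXEC sp_grantlogin 'LAPTOP01\jsmith'
GO

-- 5. Map that login into the application database with only the
--    roles the application needs (read and write data here).
USE SalesDb
GO
EXEC sp_grantdbaccess 'LAPTOP01\jsmith', 'jsmith'
EXEC sp_addrolemember 'db_datareader', 'jsmith'
EXEC sp_addrolemember 'db_datawriter', 'jsmith'
GO

-- 6. Replace the weak sa password. A sysadmin may pass NULL as the
--    old password. Substitute a long random value for the placeholder.
EXEC sp_password @old = NULL,
                 @new = '<long-random-password>',
                 @loginame = 'sa'
GO
```

If the VB app or the replication agents connect as sa, their stored credentials have to be switched to the new login before the sa password is changed.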
