Jim Lawrence (AccessD)
accessd at shaw.ca
Wed Nov 24 00:16:02 CST 2004
Andrew: Thanks a lot for those links. I have not read all detail but it looks like the right addresses. Jim -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com]On Behalf Of Haslett, Andrew Sent: Tuesday, November 23, 2004 5:52 PM To: 'dba-sqlserver at databaseadvisors.com' Subject: RE: [dba-SQLServer] Back to the login thing >From remote sites, you access just using that port, which obviously requires that port to be forwarded in your router. For internal access, there's also a 'Client Network Utility' you can use to set up an ALIAS to use a different port. I think there are also issues with port 1434(UDP) from memory, but I can't remember exactly what is involved. Anyway I think that's what youre asking? If not, keep firing away! PS - The KB article is here if that helps: http://support.microsoft.com/default.aspx?scid=kb;EN-US;815146 Also, Top 10 tips to secure SQL http://www.microsoft.com/sql/techinfo/administration/2000/security/securings qlserver.asp -----Original Message----- From: Jim Lawrence (AccessD) [mailto:accessd at shaw.ca] Sent: Wednesday, 24 November 2004 11:45 AM To: dba-sqlserver at databaseadvisors.com Subject: RE: [dba-SQLServer] Back to the login thing Andrew: ...and how do you can the logging in to accommodate the new port designation? Jim -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com]On Behalf Of Haslett, Andrew Sent: Tuesday, November 23, 2004 2:29 PM To: 'dba-sqlserver at databaseadvisors.com' Subject: RE: [dba-SQLServer] Back to the login thing "Server Network Utility" - changes the port SQL listens on. There's also a KB article on it. -----Original Message----- From: Jim Lawrence (AccessD) [mailto:accessd at shaw.ca] Sent: Wednesday, 24 November 2004 4:12 AM To: dba-sqlserver at databaseadvisors.com Subject: RE: [dba-SQLServer] Back to the login thing I concur. When setting up authentication on a LAN it is very easy to create a group on the LAN or on the SQL's server and then apply that group to your SQL security. From then on security is a matter for the local system admin and they can just adds or subtracts users from the group(s) as required and it is straight forward to assign various sets of access rights; viewer/user/data-entry/backup/admin. But I do recommend that you create a back-door or two. Maybe add your user name directly to the SQL security and leave SQL authentication available with a very complex password. You hopefully will never have to use them but there is time when they will be required. Like when some admin person inadvertently turns off 'log-ins' or the domain server goes down etc.. There is other way to add to the security. I understand, though I have never done it that you can change the default port (1433) to something else. Francisco Tapia is a proponent of this method and you should check with him on the deployment. HTH Jim -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com]On Behalf Of Haslett, Andrew Sent: Monday, November 22, 2004 9:07 PM To: 'dba-sqlserver at databaseadvisors.com' Subject: RE: [dba-SQLServer] Back to the login thing Fair enough. However, despite what you've read, I wouldn't say SQL Authentication is *insecure* - well, its definitely no worse than entering a username / password on a website which I'm sure you do from time to time.. You still neet to get access *through firewall and NAT* to the network that the server is on (which is currently your LAN) and *then* guess a username and password for an account on SQL, which *then* must have the necessary privileges to do any harm to the server. And to be honest, if your LAN is compromised, odds are the administrator account will be hacked anyway, giving the user access to the SQL server whether you're using Windows or SQL authentication. Anyway, I'm assuming that whatever the final product, its not going to remain on your home LAN is it? What I'm getting at, is that once its finished, an entirely new security model will need to be implemeted on the server that it will reside on, so its pretty much irrelevant as to how you're accessing the database from EM at the moment. Even if it is to remain on your LAN it takes only the click of a button to switch off SQL Authentication.. Considering the trouble its caused you and the time lost trying to set up Windows Auth, seems pretty pointless not to use SQL Authentication to get the job done in the meantime... -----Original Message----- From: John W. Colby [mailto:jwcolby at colbyconsulting.com] Sent: Friday, 19 November 2004 12:56 AM To: dba-sqlserver at databaseadvisors.com Subject: RE: [dba-SQLServer] Back to the login thing Andrew, While I am the only user of this db ATM, in the near future the owners of the database expect to be able to use it in some undetermined manner. I do not know yet the "how" of the access - it will probably be a mix of web server, remote access and / or vb.net application. In any event I have read (and as you are well aware I am totally ignorant on this stuff) that using windows authentication is more secure. I am therefore making every effort to get this set up from the gitgo to do that so I don't have a "gaping security hole" hanging out there forgotten. John W. Colby www.ColbyConsulting.com Contribute your unused CPU cycles to a good cause: http://folding.stanford.edu/ -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Haslett, Andrew Sent: Wednesday, November 17, 2004 11:11 PM To: 'dba-sqlserver at databaseadvisors.com' Subject: RE: [dba-SQLServer] Back to the login thing As we've suggested multiple times, why are you using Windows Only Authentication? If this is just an internal system, then there's no need. Just set up some accounts using SQL Authentication on the other boxes and connect to it using this username and password. Presto. You're done. -----Original Message----- From: John W. Colby [mailto:jwcolby at colbyconsulting.com] Sent: Thursday, 18 November 2004 1:04 PM To: dba-sqlserver at databaseadvisors.com Subject: [dba-SQLServer] Back to the login thing I really need to get query analyzer able to run on Neo2 SQL Server from all of my workstations. I have gone through the systems setting security on the servers to Windows only / System Account. EM is now able to see Neo2 Server from all the workstations, and can in fact browse the tables, open the main table and return records etc. QA however fails at the login with a consistent "Login failed for user 'Neo2\Guest'". Msg 18456, level 16, state1. On Neo1, Neo2 and Soltek1 I am logging in to Windows as Administrator with an identical password on each of those three machines. I can use QA on Neo2 but I cannot use QA on Neo1 or Soltek1 against Neo2. Can anyone help me figure this thing out? I REALLY need to get all my workstations banging queries against SQL Server on Neo2. John W. Colby www.ColbyConsulting.com Contribute your unused CPU cycles to a good cause: http://folding.stanford.edu/ _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com IMPORTANT - PLEASE READ ******************** This email and any files transmitted with it are confidential and may contain information protected by law from disclosure. If you have received this message in error, please notify the sender immediately and delete this email from your system. No warranty is given that this email or files, if attached to this email, are free from computer viruses or other defects. They are provided on the basis the user assumes all responsibility for loss, damage or consequence resulting directly or indirectly from their use, whether caused by the negligence of the sender or not. _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com IMPORTANT - PLEASE READ ******************** This email and any files transmitted with it are confidential and may contain information protected by law from disclosure. If you have received this message in error, please notify the sender immediately and delete this email from your system. No warranty is given that this email or files, if attached to this email, are free from computer viruses or other defects. They are provided on the basis the user assumes all responsibility for loss, damage or consequence resulting directly or indirectly from their use, whether caused by the negligence of the sender or not. _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com IMPORTANT - PLEASE READ ******************** This email and any files transmitted with it are confidential and may contain information protected by law from disclosure. If you have received this message in error, please notify the sender immediately and delete this email from your system. No warranty is given that this email or files, if attached to this email, are free from computer viruses or other defects. They are provided on the basis the user assumes all responsibility for loss, damage or consequence resulting directly or indirectly from their use, whether caused by the negligence of the sender or not. _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com IMPORTANT - PLEASE READ ******************** This email and any files transmitted with it are confidential and may contain information protected by law from disclosure. If you have received this message in error, please notify the sender immediately and delete this email from your system. No warranty is given that this email or files, if attached to this email, are free from computer viruses or other defects. They are provided on the basis the user assumes all responsibility for loss, damage or consequence resulting directly or indirectly from their use, whether caused by the negligence of the sender or not. _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com