Steve Erbach
erbachs at gmail.com
Sun Feb 13 10:32:23 CST 2005
Dear Group, I downloaded the DB Designer 4 from FabForce to check it out. I thought I'd see what it could do with a database I've got on my workstation's copy of SQL Server 2000. It has helped me in my development of a .NET application. Anyway, my SQL Server uses Windows authentication and I change my workstation password every 60 days. Imagine my surprise today when I looked at the Logins under Security for my server...and I found 459 logins!!!!!!!????? What the heck, over? I looked at the properties for a bunch of these bogus logins and I see that all the Authentication options are disabled, but there's a password listed and the radio button for SQL Server Authentication is selected. None of these users (at least the ones I've checked so far) have no Server roles selected nor do they have permissions for any of the databases I've got. Now this is creeping me out because: 1) I have a Router 2) I use ZoneAlarm Pro Looking at my ZoneAlarm Pro settings, I see that the settings I used to have for blocking incoming UDP and TCP requests on the SQL Server ports are gone. Does this mean that, since I have my SQL Server running all the time on my workstation, that SQL Server requests have been made hundreds of times and neither my router's firewall nor ZoneAlarm has raised a red flag? Any thoughts on this? My period of alarm is past since it appears that none of these Logins have access to anything...but how did they get into my server? Regards, Steve Erbach Scientific Marketing Neenah, WI www.swerbach.com Security Page: www.swerbach.com/security