[dba-SQLServer] Logins on workstation

Steve Erbach erbachs at gmail.com
Sun Feb 13 10:32:23 CST 2005


Dear Group,

I downloaded the DB Designer 4 from FabForce to check it out. I
thought I'd see what it could do with a database I've got on my
workstation's copy of SQL Server 2000. It has helped me in my
development of a .NET application.

Anyway, my SQL Server uses Windows authentication and I change my
workstation password every 60 days. Imagine my surprise today when I
looked at the Logins under Security for my server...and I found 459
logins!!!!!!!?????

What the heck, over? I looked at the properties for a bunch of these
bogus logins and I see that all the Authentication options are
disabled, but there's a password listed and the radio button for SQL
Server Authentication is selected. None of these users (at least the
ones I've checked so far) have no Server roles selected nor do they
have permissions for any of the databases I've got.

Now this is creeping me out because:

1) I have a Router
2) I use ZoneAlarm Pro

Looking at my ZoneAlarm Pro settings, I see that the settings I used
to have for blocking incoming UDP and TCP requests on the SQL Server
ports are gone. Does this mean that, since I have my SQL Server
running all the time on my workstation, that SQL Server requests have
been made hundreds of times and neither my router's firewall nor
ZoneAlarm has raised a red flag?

Any thoughts on this? My period of alarm is past since it appears that
none of these Logins have access to anything...but how did they get
into my server?

Regards,

Steve Erbach
Scientific Marketing
Neenah, WI
www.swerbach.com
Security Page: www.swerbach.com/security



More information about the dba-SQLServer mailing list