Thread: ??'s about security patch

  1. #1
    jasmin Guest

    ??'s about security patch

    I plan to apply the new security patch on my SQL 7.0 sp3 servers and get my SQL 2000 servers up to SP2 (which apparently already includes this).

    But I was reading the Mitigating Factors in the announcement of this vulnerability and one reads as below:

    "The effect of exploiting the first vulnerability would depend on how the SQL Server service was configured. SQL Server can be configured to run in a security context of the administrator’s choosing. (By default, it runs as a domain user). If best practices are followed, and the service is configured to run with the least privileges necessary, it would limit the worst-case damage an attacker could achieve."

    So my question is: What is the best practice for the SQL Server service and Agent service? Also are there resources for Best Practices?

    Thanks!!

  2. #2
    Anu Guest

    ??'s about security patch (reply)

    Hi Jasmin,

    The best practice is always using a Domain account with administrative privileges. For the SQLServer account, sa should have a password even in the Development Environment.

    -Anu




  3. #3
    Anu Guest

    ??'s about security patch (reply)

    But,

    If the Domain account used by Sqlservice is given less privileges, I am not sure whether the sqlserver will get affect the environment. A better way is to run the patch first.

    -Anu


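
The mitigating factor quoted in post #1 turns on which account the SQL Server and SQL Server Agent services run as. The following is an added example, not part of the original thread, that reports each service's logon account and whether it holds local administrator rights. It assumes PowerShell 5.1 or later run on the SQL Server host and an English-language `Administrators` group name.

```powershell
# Added example: audit the logon accounts of the SQL Server and SQL Server Agent services.
# Default instances are named MSSQLSERVER / SQLSERVERAGENT; named instances are
# MSSQL$<instance> / SQLAgent$<instance>.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match '^(MSSQLSERVER|SQLSERVERAGENT|MSSQL\$.+|SQLAgent\$.+)$' }

# Direct members of the local Administrators group. Nested domain groups are NOT
# expanded, so an account that is an administrator through a domain group is missed.
# Assumption: the group is named 'Administrators' (English-language Windows).
$admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }

$report = foreach ($svc in $services) {
    $account = $svc.StartName

    # Local accounts may be stored as ".\name"; normalise to "COMPUTER\name"
    # so they compare against the group member list.
    if ($account -like '.\*') {
        $account = '{0}\{1}' -f $env:COMPUTERNAME, $account.Substring(2)
    }

    $finding = if ($account -eq 'LocalSystem') {
        'Runs as LocalSystem: a compromise of the service is a compromise of the host'
    } elseif ($admins -contains $account) {
        'Logon account is a local administrator'
    } else {
        'No direct local administrator membership found'
    }

    [pscustomobject]@{
        Service = $svc.Name
        Account = $account
        State   = $svc.State
        Finding = $finding
    }
}

$report | Format-Table -AutoSize
```

A clean result here covers only local group membership; domain-level rights of the same account need a separate check against the directory.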
