-
??'s about security patch
I plan to apply the new security patch on my SQL 7.0 sp3 servers and get my SQL 2000 servers up to SP2 (which apparently already includes this)
But I was reading the Mitigating Factors in the announcement of this vulnerability and one reads as below:
"The effect of exploiting the first vulnerability would depend on how the SQL Server service was configured. SQL Server can be configured to run in a security context of the administrator’s choosing. (By default, it runs as a domain user). If best practices are followed, and the service is configured to run with the least privileges necessary, it would limit the worst-case damage an attacker could achieve. "
So my question is: What is the best practice for the SQL Server service and Agent service? Also are there resources for Best Practices?
Thanks!!
-
??'s about security patch (reply)
Hi Jasmin,
The best practice is always using a Domain account with administrative privileges. For SQLServer account sa should have a password even in Development Environment.
-Anu
------------
jasmin at 12/28/2001 12:01:50 PM
I plan to apply the new security patch on my SQL 7.0 sp3 servers and get my SQL 2000 servers up to SP2 (which apparently already includes this)
But I was reading the Mitigating Factors in the announcement of this vulnerability and one reads as below:
"The effect of exploiting the first vulnerability would depend on how the SQL Server service was configured. SQL Server can be configured to run in a security context of the administrator’s choosing. (By default, it runs as a domain user). If best practices are followed, and the service is configured to run with the least privileges necessary, it would limit the worst-case damage an attacker could achieve. "
So my question is: What is the best practice for the SQL Server service and Agent service? Also are there resources for Best Practices?
Thanks!!
-
??'s about security patch (reply)
But,
If the Domain account used by Sqlservice is given less privileges, I am not sure whether the sqlserver will get affect the environment. Better way is to run the patch first.
-Anu
------------
jasmin at 12/28/2001 12:01:50 PM
I plan to apply the new security patch on my SQL 7.0 sp3 servers and get my SQL 2000 servers up to SP2 (which apparently already includes this)
But I was reading the Mitigating Factors in the announcement of this vulnerability and one reads as below:
"The effect of exploiting the first vulnerability would depend on how the SQL Server service was configured. SQL Server can be configured to run in a security context of the administrator’s choosing. (By default, it runs as a domain user). If best practices are followed, and the service is configured to run with the least privileges necessary, it would limit the worst-case damage an attacker could achieve. "
So my question is: What is the best practice for the SQL Server service and Agent service? Also are there resources for Best Practices?
Thanks!!
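Added example, not part of any post in this thread: a PowerShell check of the point the quoted bulletin makes, reporting which account the SQL Server and SQL Server Agent services run as and whether that account is LocalSystem or a direct member of the local Administrators group. It assumes a default instance (service names MSSQLSERVER and SQLSERVERAGENT) and a host with the Microsoft.PowerShell.LocalAccounts module (PowerShell 5.1 or later); the function name is hypothetical.

```powershell
# Added example (not from the thread): audit the security context of the SQL Server services.
# Assumption: default instance. Named instances use MSSQL$<instance> and SQLAgent$<instance>.
function Test-SqlServiceAccount {
    param(
        [string[]]$Name = @('MSSQLSERVER', 'SQLSERVERAGENT')
    )

    # Direct members of the local Administrators group (well-known SID S-1-5-32-544).
    # Nested domain groups are listed as groups here, not expanded to their members.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name })

    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $Name -contains $_.Name }

    foreach ($svc in $services) {
        # StartName is the logon account; '.\user' means a local account on this host.
        $account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"

        if ($account -in 'LocalSystem', 'NT AUTHORITY\SYSTEM') {
            $finding = 'Runs as LocalSystem: a compromised service has full control of the host'
        }
        elseif ($admins -contains $account) {
            $finding = 'Account is a direct member of local Administrators'
        }
        else {
            $finding = 'Not LocalSystem and not a direct local administrator; review group membership and user rights'
        }

        [pscustomobject]@{
            Service = $svc.Name
            State   = $svc.State
            Account = $account
            Finding = $finding
        }
    }
}

# Run on the database server itself, from an elevated prompt.
Test-SqlServiceAccount | Format-Table -AutoSize -Wrap
```

A service that is not installed under the assumed name simply produces no row, so an empty result means the names need adjusting for a named instance, not that the configuration is clean.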