SQL Server, a relational database management system, is designed for the enterprise but is often used by SMBs. A key way to protect your (or your customer’s) SQL Server is with strong passwords for the login accounts. Unfortunately, SQL Server 2000 and older versions of Microsoft SQL Server installed with a blank system administrator password by default and allowed that blank password to be used. This security hole permits anyone to connect without much work at all.
Even in newer versions of SQL Server, SQL accounts can be easily broken into by brute-force password attacks. This chapter download from Securing SQL Server (Syngress, 2011) by Danny Cherry outlines the best strategies to maintain SQL Server password security. For more information about the book, visit Elsevier’s product page.
INFORMATION IN THIS CHAPTER
- SQL Server Password Security
- Strong Passwords
- Encrypting Client Connection Strings
- Application Roles
- Using Windows Domain Policies to Enforce Password Length
©2011 Elsevier, Inc. All rights reserved. Printed with permission from Syngress, a division of Elsevier. Copyright 2011. “Securing SQL Server” by Danny Cherry. For more information on this title and other similar books, please visit elsevierdirect.com.
Click here to download Chapter 3 from Securing SQL Server by Danny Cherry.