Connect to SQL Server

Re: Connect to SQL Server

On Fri, 15 Aug 2008 20:18:24 +0100, "PeterW" <pwooly@btinter net.com>
wrote:

No.
However you may be able to talk the company into opening up the SQL
Server port 1433 on their firewall (of course after properly securing
such access) so you can use it.

-Tom.
Microsoft Access MVP

Re: Connect to SQL Server

1433 is a the default port for SQL-Server. This may make it a target
for bad nerds or evil nerdettes. Another port can be used. The
connection string can deal with this as
SERVER NAME,1433
or
SERVER NAME,5027

On Aug 15, 10:44 pm, Tom van Stiphout <no.spam.tom7.. .@cox.netwrote:

Re: Connect to SQL Server

Tom van Stiphout <no.spam.tom774 4@cox.netwrote in
news:lkfca4hiad lreveqf9cjelupi oe2juu7qa@4ax.c om:
No competent sysadmin is going to do that.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/

Re: Connect to SQL Server

Thousands do. Almost two years ago I created a blank internet enabled
(port 1433) MS-SQL db and invited anyone who claimed this was insecure
to login and create a table named after himself or herself. So far
there none of these tables has been created.
Why would we think these are insecure? We need a login, username and
password. How is this different than hacking into a site, say
bway.com?
Almost all server sites will shut down anyone who tries a brute force
attack. So unless one can guess the address of the server and that my
login is q30f-!!\o` i9&æú and my password is A£œpi97Q`~pç one will not
be able to connect.
Very sophisticated intrusion prevention devices such as that described
at http://www.tippingpoint.com/products_ips.html protect these sites
from random poking around.

On Aug 16, 5:40 pm, "David W. Fenton" <XXXuse...@dfen ton.com.invalid >
wrote:

Re: Connect to SQL Server

On 16 Aug 2008 21:40:30 GMT, "David W. Fenton"
<XXXusenet@dfen ton.com.invalid wrote:

Many ISPs do just that.
-Tom.

Re: Connect to SQL Server

I saw a conference some years ago (maybe 2005) in Melbourne where a
speaker from MS was illustrating the security related issues with SQL
server 2000 and 2005, and how to set them up to be safe and sound.

He established an instance of SQL Server 2005 running under a guest
account, and stated that he had the same running openly on the net for
anyone to try and hack into. To date, to the best of my knowledge, no-
one has managed to achieve the challenge of breaking into the machine
and either retreiving data from a database, a file off the HD, or
create / modify data on the server.

The bulk of vulnerabilities , apparently, came not from the server
application itself, but rather from poor installation practices and
poor website design that allowed SQL injection or plaintext username
and passwords stored in the code.

There is a lot of ignorance when it comes to 'security', especially
when it comes to IT related security. Everyone has an opinion but very
few of them are actually worth anything.

If you are looking at putting data on to the net with a database of
any form, then you need to look at a simple risk analysis to determine
the security needs. For most things a properly set up database server,
be it SQL Server, Postgres, Access or whatever you want to choose, can
be safe and secure. How secure you need to make it is the more
important question.

- Do you need the data transmitted securely between client and server
- Do you need the data to be stored in an encrypted format
- Should you be using VPN's to get to the server?
- Should the clients be just user authenticated or both user and
machine?
- How much authentication is enough? Tri-factor for the user + a
certificate and some hardware specifics for the machine? Certificates?
etc...
- Should the client machine have a local replicated copy? Should it be
stored securely?
- What is the potential damage / risk if the server is compromised?
- What is the potential damage / risk if the client is compromised?
- What is the potential damage / risk if the transmission is
compromised?

The issue here is not really an issue of SQL server security, but
rather of finding a way to give you the functionality you need with
minimal risk. SQL Server will do a fine enough job on the net for most
things AS LONG AS IT IS SET UP PROPERLY.

Do you scenario risk assessment then make your call on how to approach
and implement it.

Cheers

The Frog

Re: Connect to SQL Server

On Aug 19, 3:34 am, The Frog <Mr.Frog.to.... @googlemail.com wrote:

Re: Connect to SQL Server

Tom van Stiphout <no.spam.tom774 4@cox.netwrote in
news:p0gka4ldac lbfmpuf7v29k1g6 dte3htcdu@4ax.c om:
Repeat:
GoTo Repeat

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/

Re: Connect to SQL Server

Hi Peter,

If you're talking about Remote Desktop Connection, it might be better to post
it to the Windows XP OS forums.

I use Remote Desktop connection for my test server on the local network. For
that you need the server IP address or the server name. But if the host (SQL
Server) OS is Windows XP, you will need to open the ports on the firewall.

You'll also need the user ID and Password on the host to login.

PeterW wrote:--
Please Rate the posting if helps you

Message posted via http://www.accessmonster.com