RE: General Security Question

• From: "Steven Sporen" <sporens@xxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 3 Jul 2002 10:04:50 +0200

Data sent to the SQL server hosted on the net is unencrypted. Including
your username and password. I would suggest configuring a VPN connection
or a secure tunnel.

There was also talk about a SQL worm which exploited the administrator
account with "sa" no password.

And there's a couple of buffer overflow problems related to in this case
to SQL 2000.
http://online.securityfocus.com/archive/1/277670


Hope this helps

  Regards
     Steven


-----Original Message-----
From: Jon Booth [mailto:jon@xxxxxxxxxxxxxx] 
Sent: 03 July 2002 08:41
To: [ISAserver.org Discussion List]
Subject: [isalist] General Security Question


http://www.ISAserver.org


If I allow an outbound SQL Server connection to a specific trusted
external address what possible security risks does this pose?

Could someone please outline some no matter how paranoid.

Being a security novice I often wonder about this (SQL being just an
example) and would like some clarification.

Thanks
Jon



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sporens@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » General Security Question
• » RE: General Security Question
• » RE: General Security Question
• » Re: General Security Question
• » Re: General Security Question

1. Home
2. isalist
3. Archive
4. 07-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---