RE: General Security Question

  • From: "SNELL,BEN (HP-UnitedKingdom,ex1)" <ben_snell@xxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 3 Jul 2002 09:14:55 +0100

You can use encryption (I believe that there is an option when installing
SQL Server) although I'm not sure how strong it is.  In theory you should be
able to use an HTTPS connection as well using the HTTP/XML APIs but again
I've not actually implemented this - only read about it. I'll try to look up
the articles concerned and mail the URLs.
Ben

-----Original Message-----
From: Steven Sporen [mailto:sporens@xxxxxxxxxxx]
Sent: Wednesday, July 03, 2002 9:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: General Security Question


http://www.ISAserver.org


Data sent to the SQL server hosted on the net is unencrypted, including
your username and password. I would suggest configuring a VPN connection
or a secure tunnel.

There was also talk about a SQL worm which exploited the "sa"
administrator account with no password.

And there are a couple of buffer overflow problems related, in this case,
to SQL 2000.
http://online.securityfocus.com/archive/1/277670


Hope this helps

  Regards
     Steven


-----Original Message-----
From: Jon Booth [mailto:jon@xxxxxxxxxxxxxx] 
Sent: 03 July 2002 08:41
To: [ISAserver.org Discussion List]
Subject: [isalist] General Security Question



If I allow an outbound SQL Server connection to a specific trusted
external address what possible security risks does this pose?

Could someone please outline some, no matter how paranoid?

Being a security novice I often wonder about this (SQL being just an
example) and would like some clarification.

Thanks
Jon



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sporens@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
