Avatar of koossa
koossa
 asked on

Password visible in SQL Server 2008 Log file (prerequisite)

I install SQL Server 2008 as part of my visual studio install's prerequisite.
The parameters that I passed in the package.xml file is eg:
Arguments='/q /hideconsole /action=Install ...... /TCPENABLED=1 /SAPWD="MyPassword" /SECURITYMODE=SQL

Open in new window


But when you open the log file during the install you are able to see the parameters (including the database's password)

Any idea how I can hide this?
.NET ProgrammingVisual Basic.NETVisual C++.NET

Avatar of undefined
Last Comment
koossa

8/22/2022 - Mon
SOLUTION
David Johnson, CD

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Nasir Razzaq

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
koossa

ASKER
Hi CodeCruiser, how do I then disable the Windows authentication, because I don't want the windows user to have access to the database.
David Johnson, CD

A normal user doesn't have access with windows integrated authentication unless the person that installs or maintains the database server gives them access. Sql Server has granular access.  Quick read on SQL Security
koossa

ASKER
What I'm currently doing is install SQL server with a SA Password eg: 'Password1'

Then before I create my tables, I first change the SA password
ALTER LOGIN sa WITH PASSWORD = 'Password2' OLD_PASSWORD = 'Password1';

Open in new window


But the problem is, when I log in on the database using Windows Authentication with SQL server management studio I cannot see any tables that I have created using the sa account, but when I go to 'Security' and 'Logins' and go the the windows user and change it's 'user mappings' to all the databases, then the Windows user is able to view and edit all my tables and I don't want any user to get access to these tables because my application's licensing detail is saved in the database.

Only the 'sa' account must be able to view/modify the data.
Your help has saved me hundreds of hours of internet surfing.
fblack61
David Johnson, CD

SA gives the attacker a known item username SA, now its brute force password time.
Every so often I go through my sql server security logs, and I see hundreds of attempts using SA on port 1433 which doesn't exist in my domain.

What ROLE did you give that user?
db_denydatareader: Members can’t view data within the database.
db_denydatawriter: Members can’t change or delete data in tables or views.

What happens if there is already a copy of sql server running on the clients system? What does your installer do then? add another instance? or just add a database to the existing server? or add to master.dbf ?
koossa

ASKER
I install my own unique instance with a unique instance name.
SOLUTION
Nasir Razzaq

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
koossa

ASKER
Yes, I can do that, but I thought SQL server's security would be adequate?
The problem is there are a lot of sensitive data in the database that I don't want to user to access.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
koossa

ASKER
Thank you!!