asked on
Password visible in SQL Server 2008 Log file (prerequisite)
I install SQL Server 2008 as part of my visual studio install's prerequisite.
The parameters that I passed in the package.xml file is eg:
But when you open the log file during the install you are able to see the parameters (including the database's password)
Any idea how I can hide this?
The parameters that I passed in the package.xml file is eg:
Arguments='/q /hideconsole /action=Install ...... /TCPENABLED=1 /SAPWD="MyPassword" /SECURITYMODE=SQL
But when you open the log file during the install you are able to see the parameters (including the database's password)
Any idea how I can hide this?
.NET ProgrammingVisual Basic.NETVisual C++.NET
Last Comment
koossa
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi CodeCruiser, how do I then disable the Windows authentication, because I don't want the windows user to have access to the database.
A normal user doesn't have access with windows integrated authentication unless the person that installs or maintains the database server gives them access. Sql Server has granular access. Quick read on SQL Security
ASKER
What I'm currently doing is install SQL server with a SA Password eg: 'Password1'
Then before I create my tables, I first change the SA password
But the problem is, when I log in on the database using Windows Authentication with SQL server management studio I cannot see any tables that I have created using the sa account, but when I go to 'Security' and 'Logins' and go the the windows user and change it's 'user mappings' to all the databases, then the Windows user is able to view and edit all my tables and I don't want any user to get access to these tables because my application's licensing detail is saved in the database.
Only the 'sa' account must be able to view/modify the data.
Then before I create my tables, I first change the SA password
ALTER LOGIN sa WITH PASSWORD = 'Password2' OLD_PASSWORD = 'Password1';
But the problem is, when I log in on the database using Windows Authentication with SQL server management studio I cannot see any tables that I have created using the sa account, but when I go to 'Security' and 'Logins' and go the the windows user and change it's 'user mappings' to all the databases, then the Windows user is able to view and edit all my tables and I don't want any user to get access to these tables because my application's licensing detail is saved in the database.
Only the 'sa' account must be able to view/modify the data.
SA gives the attacker a known item username SA, now its brute force password time.
Every so often I go through my sql server security logs, and I see hundreds of attempts using SA on port 1433 which doesn't exist in my domain.
What ROLE did you give that user?
db_denydatareader: Members can’t view data within the database.
db_denydatawriter: Members can’t change or delete data in tables or views.
What happens if there is already a copy of sql server running on the clients system? What does your installer do then? add another instance? or just add a database to the existing server? or add to master.dbf ?
Every so often I go through my sql server security logs, and I see hundreds of attempts using SA on port 1433 which doesn't exist in my domain.
What ROLE did you give that user?
db_denydatareader: Members can’t view data within the database.
db_denydatawriter: Members can’t change or delete data in tables or views.
What happens if there is already a copy of sql server running on the clients system? What does your installer do then? add another instance? or just add a database to the existing server? or add to master.dbf ?
ASKER
I install my own unique instance with a unique instance name.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes, I can do that, but I thought SQL server's security would be adequate?
The problem is there are a lot of sensitive data in the database that I don't want to user to access.
The problem is there are a lot of sensitive data in the database that I don't want to user to access.
ASKER
Thank you!!