accessing sql server (via sql authentication)

weve recently had a security audit that identified weak passwords associated with mssql authentication accounts. I wondered, how could an insider exploit those and access the database, would they need admin (OS) rights on the server, or are there tools on a standards windows 7 machine that they could use to access the server via the SQL account.
Who is Participating?
geek_vjConnect With a Mentor Commented:
SQL Authentication doesnt need the user to access SQL Server from OS level. Thats the reason it is more risky where as windows authentication is more secured as it passes through stages of authentication (including Kerberos authentication from Windows level)

SQL Authenticated user is a stand alone user and doesnt have any association with OS level groups/users/administrators.

Using the sql authenticated user, anyone can directly access the database from anywhere through the network if the user is having sufficient access.

So, it is recommended to disable SQL authentication on a production server (unless the application is a heterogenous application)

Hope this helps!
Chris MangusConnect With a Mentor Database AdministratorCommented:
To piggyback on the first comment, a user with the proper username and password could easily create an ODBC connection to the database and use the tool of their choice to access the data...MSAccess, MSExcel, vbscript, VB.NET, etc.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.