Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 493
  • Last Modified:

GUEST account risks

In relation to the guest account on SQL Server, what are the risks in enabling this on user databases? If you already trust everyone with a SQL level logon whereby the databases are housed?

And secondly, do you access the database via the GUEST account, or your actual SQL login. For example if auditing was enabled, and a user acessed a database via the guest account, would any access/amendments made to the database going to be in the audit logs under the GUEST account. I wasnt sure if this is the main risk, i.e. accountability?
0
pma111
Asked:
pma111
  • 2
2 Solutions
 
Tony GiangrecoCommented:
The first question I would ask is how secure are the user and administrative passwords? If you are letting users assign their own passwords, you don't know how complex they are. I've seen users try to use their name, company name, Company address and other easy phrases to guess.

I manage client networks and always provide them with their pw. I set it so it does not expire and they cannot change it. This allows you to create a secure password for each account and have confidence that the pw is complex and secure.

After that has been addresses, I'd evaluate the share permissions you are using so it's not open to everybody. Make it authenticated users for something secure like that.
0
 
pma111Author Commented:
Im talking guest at sql level not windows passwords are strong
0
 
AielloJCommented:
pma111:

Guest accounts anywhere are security risks.  Let's examine the premise: You'd be allowing multiple accesses from users/parties that are not known or able to be identified with a username.

Aside from the technical issues, if the data is confidential in nature (medical, finance, accounting, etc) best practices strongly recommend against it, and auditors will write you up for it.

Best regards,

AielloJ
0
 
pma111Author Commented:
Thats kind of what i was asking though, will actions be logged as the guest user or the sql server level login using the guest account
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now