Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GUEST account risks

Posted on 2014-03-20
4
Medium Priority
?
481 Views
Last Modified: 2014-03-25
In relation to the guest account on SQL Server, what are the risks in enabling this on user databases? If you already trust everyone with a SQL level logon whereby the databases are housed?

And secondly, do you access the database via the GUEST account, or your actual SQL login. For example if auditing was enabled, and a user acessed a database via the guest account, would any access/amendments made to the database going to be in the audit logs under the GUEST account. I wasnt sure if this is the main risk, i.e. accountability?
0
Comment
Question by:pma111
  • 2
4 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1000 total points
ID: 39942608
The first question I would ask is how secure are the user and administrative passwords? If you are letting users assign their own passwords, you don't know how complex they are. I've seen users try to use their name, company name, Company address and other easy phrases to guess.

I manage client networks and always provide them with their pw. I set it so it does not expire and they cannot change it. This allows you to create a secure password for each account and have confidence that the pw is complex and secure.

After that has been addresses, I'd evaluate the share permissions you are using so it's not open to everybody. Make it authenticated users for something secure like that.
0
 
LVL 3

Author Comment

by:pma111
ID: 39942653
Im talking guest at sql level not windows passwords are strong
0
 
LVL 13

Assisted Solution

by:AielloJ
AielloJ earned 1000 total points
ID: 39943427
pma111:

Guest accounts anywhere are security risks.  Let's examine the premise: You'd be allowing multiple accesses from users/parties that are not known or able to be identified with a username.

Aside from the technical issues, if the data is confidential in nature (medical, finance, accounting, etc) best practices strongly recommend against it, and auditors will write you up for it.

Best regards,

AielloJ
0
 
LVL 3

Author Comment

by:pma111
ID: 39944055
Thats kind of what i was asking though, will actions be logged as the guest user or the sql server level login using the guest account
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
One of the most important things in an application is the query performance. This article intends to give you good tips to improve the performance of your queries.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question