Solved

GUEST account risks

Posted on 2014-03-20
4
451 Views
Last Modified: 2014-03-25
In relation to the guest account on SQL Server, what are the risks in enabling this on user databases? If you already trust everyone with a SQL level logon whereby the databases are housed?

And secondly, do you access the database via the GUEST account, or your actual SQL login. For example if auditing was enabled, and a user acessed a database via the guest account, would any access/amendments made to the database going to be in the audit logs under the GUEST account. I wasnt sure if this is the main risk, i.e. accountability?
0
Comment
Question by:pma111
  • 2
4 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 39942608
The first question I would ask is how secure are the user and administrative passwords? If you are letting users assign their own passwords, you don't know how complex they are. I've seen users try to use their name, company name, Company address and other easy phrases to guess.

I manage client networks and always provide them with their pw. I set it so it does not expire and they cannot change it. This allows you to create a secure password for each account and have confidence that the pw is complex and secure.

After that has been addresses, I'd evaluate the share permissions you are using so it's not open to everybody. Make it authenticated users for something secure like that.
0
 
LVL 3

Author Comment

by:pma111
ID: 39942653
Im talking guest at sql level not windows passwords are strong
0
 
LVL 13

Assisted Solution

by:AielloJ
AielloJ earned 250 total points
ID: 39943427
pma111:

Guest accounts anywhere are security risks.  Let's examine the premise: You'd be allowing multiple accesses from users/parties that are not known or able to be identified with a username.

Aside from the technical issues, if the data is confidential in nature (medical, finance, accounting, etc) best practices strongly recommend against it, and auditors will write you up for it.

Best regards,

AielloJ
0
 
LVL 3

Author Comment

by:pma111
ID: 39944055
Thats kind of what i was asking though, will actions be logged as the guest user or the sql server level login using the guest account
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question