Solved

GUEST account risks

Posted on 2014-03-20
4
453 Views
Last Modified: 2014-03-25
In relation to the guest account on SQL Server, what are the risks in enabling this on user databases? If you already trust everyone with a SQL level logon whereby the databases are housed?

And secondly, do you access the database via the GUEST account, or your actual SQL login. For example if auditing was enabled, and a user acessed a database via the guest account, would any access/amendments made to the database going to be in the audit logs under the GUEST account. I wasnt sure if this is the main risk, i.e. accountability?
0
Comment
Question by:pma111
  • 2
4 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 39942608
The first question I would ask is how secure are the user and administrative passwords? If you are letting users assign their own passwords, you don't know how complex they are. I've seen users try to use their name, company name, Company address and other easy phrases to guess.

I manage client networks and always provide them with their pw. I set it so it does not expire and they cannot change it. This allows you to create a secure password for each account and have confidence that the pw is complex and secure.

After that has been addresses, I'd evaluate the share permissions you are using so it's not open to everybody. Make it authenticated users for something secure like that.
0
 
LVL 3

Author Comment

by:pma111
ID: 39942653
Im talking guest at sql level not windows passwords are strong
0
 
LVL 13

Assisted Solution

by:AielloJ
AielloJ earned 250 total points
ID: 39943427
pma111:

Guest accounts anywhere are security risks.  Let's examine the premise: You'd be allowing multiple accesses from users/parties that are not known or able to be identified with a username.

Aside from the technical issues, if the data is confidential in nature (medical, finance, accounting, etc) best practices strongly recommend against it, and auditors will write you up for it.

Best regards,

AielloJ
0
 
LVL 3

Author Comment

by:pma111
ID: 39944055
Thats kind of what i was asking though, will actions be logged as the guest user or the sql server level login using the guest account
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe the Detach & Attach method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question