July 30, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Forums > Discussions > SQL Server Security
Subject: Shared SQL Server DB
Prev Next
Add Reply

Author Messages
pborax
10/09/2002 11:24 PM Quote Reply Alert 
What are the risk for using a shared MS SQL Server 2000 DB in a hosting environment? We have an application that is based on MS SQL Server 2000 DB
Chip Andrews
10/14/2002 5:06 PM Quote Reply Alert 
The risks? Hmm, lets see: *All logins exist in same master db. This means any login can see other databases (even if they can't access them) and can see the names of other logins through the syslogins view (select name from syslogins) *A failure in the SQL Server server instance affects ALL databases (think denial of service) *Buffer overflow attacks can give OS access affecting other databases In all cases installing all SQL Server's as separate instances for each customer can mitigate many of these risks. Keep in mind that if you create separate instances it is VERY important to create a separate service account for each instance. This will keep a BO for one instance from giving instant access to the db files of another instance and long as your ACLs are set correctly. Chip
Add Reply
Forums > Discussions > SQL Server Security > Shared SQL Server DB
Quick Reply
Username:  
Subject:  
Body:
 



ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use