In addition to the automated attacks, you need to think about the
attacks from within...I'm not sure if any recent SQL2000 SPs have
fixed this, or if it is true in SQL2005, but in the past a user in
Enterprise Manager could see the names of all of the other databases that
are on the box, even if they don't have rights to them.  At that
point an attacker (who is another user on the box...do you trust those
100+ strangers who are on there with you?) has the database name, and
most likely the username (since many hosts have the habit of naming
the database and the database user the same thing).  With that, they
can start a dictionary attack on your database...if the host isn't
logging failed logins, or isn't paying attention to the logs, that may
be successful.  So, if you are using a host that allows direct access
to a shared SQL box, I would also recommend:
1.  Ask for the database username to be something different from the
database name
2.  Make sure you have a very secure password


--
Jim Wright
Wright Business Solutions
[EMAIL PROTECTED]
919-417-2257
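
The point above about failed logins going unlogged or unread, as an added example that is not part of the original message: a Python script that scans SQL Server error-log text for bursts of "Login failed for user" entries against a single login. The sample lines are constructed in the SQL Server 2005 error-log style, and the function names, threshold and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server 2005 error-log style (not real data).
PREFIX = "2006-02-07 {} Logon       "
SAMPLE_LOG = "\n".join(
    [PREFIX.format(f"10:15:{s:02d}.00") + "Login failed for user 'shopdb'. [CLIENT: 10.0.0.5]"
     for s in range(0, 30, 5)]  # six failures in 25 seconds
    + [PREFIX.format("10:15:00.00") + "Error: 18456, Severity: 14, State: 8.",
       PREFIX.format("09:00:00.00") + "Login failed for user 'blogdb'. [CLIENT: 10.0.0.9]",
       PREFIX.format("11:30:00.00") + "Login failed for user 'blogdb'. [CLIENT: 10.0.0.9]"]
)

# Timestamp, source column, then the failed-login message with an optional client address.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+\S+\s+"
    r"Login failed for user '([^']*)'\.(?:.*\[CLIENT: ([^\]]+)\])?"
)

def parse_failures(text):
    """Return (timestamp, login, client) for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3) or "unknown"))
    return events

def find_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Map login -> (peak failures inside any window, sorted client list)
    for logins whose peak reaches the threshold (assumed values)."""
    times, clients = defaultdict(list), defaultdict(set)
    for ts, login, client in events:
        times[login].append(ts)
        clients[login].add(client)
    alerts = {}
    for login, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[login] = (peak, sorted(clients[login]))
    return alerts

if __name__ == "__main__":
    print(find_bursts(parse_failures(SAMPLE_LOG)))
```

These lines only exist in the error log when the server's login auditing level includes failed logins, so that setting is the first thing to confirm with the host.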
