> Oh cool! So if I remotely take over a SQL Server, I get full > system rights? I'm there! ;)
You can run SQL Server with non-privileged accounts, actually. By default, historically, most services use SYSTEM, but this is gradually changing with Windows Server 2003. And, it's worth pointing out, the issue of database service rights isn't as important as it is with, say, CF, since the point of an attack is usually to get access to the data, rather than just root the box. The data is what's valuable. Of course, it's easier to get the data from the box if you've rooted it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239949 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
