Martin wrote:
>
> Do not do this if you are using SQL authentication. Even once you have
> changed the sa password from the default (null), it is still apparently
> a security hole.

SQL authentication is plain text. Ripping passwords from it is
like stealing candy from a kid.

> If you're doing NT auth it should be okay as long as you restrict
> incoming traffic to a specific address.

Unless you're sniffing the NT hashes and running them through
l0phtcrack (which, as we know, is blazingly fast, thanks to
the way Microsoft designed their so-called hashes. Thanks!)

To be able to allow SQL talk across the internet with anything even
remotely resembling "security", you'll have to encrypt it somehow.
I guess plain old SSH tunneling is out of the question (wrong OS),
so IPsec is probably your best bet. PPTP sucks, so it's not an
option, and L2TP is probably too cumbersome. (Having your interface
suddenly be present on the remote network is handy in "RAS"
scenarios, but it isn't much good if the clients are trying to
connect to multiple locations at the same time while maintaining
local network security.)
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]