----- Original Message -----
From: "Mikael Olsson" <[EMAIL PROTECTED]>
> > Do not do this if you are using SQL authentication. Even once you have
> > changed the sa password from the default (null), it is still apparently
> > a security hole.
>
> SQL authentication is plain text. Ripping passwords from it is
> like stealing candy from a kid.
>
> To be able allow SQL talk across the internet with anything even
> remotely resembling "security", you'll have to encrypt it somehow.
> I guess plain old SSH tunneling is out of the question (wrong OS),
> so IPsec is probably your best bet. PPTP sucks, so it's not an
> option, and L2TP is probably too cumbersome. (Having your interface
> suddenly be present on the remote network is handy in "RAS"
> scenarios, but it isn't much good if the clients are trying to
> connect to multiple locations at the same time while maintaining
> local network security.)
Note: very good SSH solutions exist for Windows now. http://www.ssh.fi has
commercial versions of SSH2 for Windows that are child's play to set up.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
