Issue
Can someone else connect to my SQL Server using my Windows Authentication or am I the only one? I saw that there is an option for "allow remote connections" in SSMS, so I'm wondering if someone has my connection credentials, such as server name and database, can they connect to it?
Is the server name "sensitive information" or does it not matter? I'm wondering because I always get hesitant typing out my server name, which is DESKTOP-xxxxx (x in place of the actual numbers, which is the thing I'm not sure is sensitive or not).
Example:

```python
import pyodbc

conn = pyodbc.connect('Driver={ODBC Driver 17 for SQL Server};'
                      'Server=DESKTOP-xxxxxx;'      # <-------- is this sensitive info?
                      'Database=Test_Database;'     # <-------- is this sensitive info?
                      'Trusted_Connection=yes;')
```
Solution
Ignore the SSMS allow remote connection option. Per the documentation:
> This configuration option is an obscure SQL Server to SQL Server communication feature that is deprecated
Use SQL Server Configuration Manager to view, enable, or disable protocols as desired. Remote TCP/IP and Named pipes are disabled by default.
If someone besides you knows your Windows credentials, you have bigger issues. Although they will not be able to connect to SQL Server remotely when the protocols are disabled, they could still get to your database via other means (e.g. RDP into your machine and access SQL Server locally).
The name of your machine could be considered sensitive but it's easily discoverable (e.g. DNS). You generally want multiple layers, which include firewalls and surface area reduction (e.g. disabled RDP), and perhaps obfuscation (non-standard SQL ports) as well for protecting particularly sensitive data.
Answered By - Dan Guzman
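To verify on your own instance that only local connections are arriving, the following added example (not part of the original answer) reads `sys.dm_exec_connections` through pyodbc and lists any session that did not come in over shared memory or loopback TCP. The sample rows and the names `find_remote_sessions` and `fetch_rows` are constructed for illustration; the live query assumes your login has VIEW SERVER STATE permission.

```python
"""List sessions that reach SQL Server by anything other than a local path."""

# DMV query: one row per physical connection, with transport and origin.
AUDIT_SQL = """
SELECT c.session_id, c.net_transport, c.auth_scheme,
       c.client_net_address, s.login_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
"""

LOOPBACK = {"127.0.0.1", "::1"}


def find_remote_sessions(rows):
    """Return rows not proven local (shared memory or loopback TCP).

    Named pipe rows are flagged too: this sketch treats them conservatively,
    since the protocol can carry remote clients when it is enabled.
    """
    flagged = []
    for row in rows:
        _sid, transport, _auth, address, _login = row
        local = transport == "Shared memory" or (
            transport == "TCP" and address in LOOPBACK)
        if not local:
            flagged.append(row)
    return flagged


def fetch_rows(conn_str):
    """Run the audit query on a live instance (needs pyodbc installed)."""
    import pyodbc  # lazy import so the classifier works without the driver
    conn = pyodbc.connect(conn_str)
    try:
        return [tuple(r) for r in conn.cursor().execute(AUDIT_SQL).fetchall()]
    finally:
        conn.close()


# Constructed sample rows, shaped like the query's result set.
SAMPLE_ROWS = [
    (51, "Shared memory", "NTLM", "<local machine>", r"DESKTOP-EXAMPLE\me"),
    (52, "TCP", "NTLM", "127.0.0.1", r"DESKTOP-EXAMPLE\me"),
    (53, "TCP", "SQL", "192.0.2.40", "app_login"),
    (54, "Named pipe", "NTLM", "<named pipe>", r"DESKTOP-EXAMPLE\me"),
]

if __name__ == "__main__":
    for row in find_remote_sessions(SAMPLE_ROWS):
        print("not local:", row)
```

On a live instance, pass the connection string from the question to `fetch_rows` and feed the result to `find_remote_sessions`; an empty list means every current session came in locally.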