Reputation: 4085
Sql server security principles
If I have a website that uses a sa account for SQL authentication, this will be very bad idea, because with any SQL injection attempt, everyone can destroy database or steal credit cards.
Is there another risk rather than SQL injection?
What will be the user when you use Windows authentication?
Thank you for your time
Upvotes: 0
Views: 296
Answers (1)
Reputation: 7215
Using the SA account is bad, really bad but I would say that using the SA account does not make you for likely to get “hacked” however if they do then you are in for a world of pain as they will have the top level of access and be able to really mess things up!
Also if the developer is stupid enough to think that using SA is a good security model then you can have a good bet that other areas of his/her security thinking will be equally bad. In short get it changed and start looking through the code for the classic rookie SQL mistakes
Upvotes: 1
Related Questions
- Secure SQL Server Configuration
- SQL Server : Security User Login
- Securing connection to SQL Server
- Security in SQL Server
- Understanding SQL Server 2008 Security, Logins, Roles etc
- Securing access to SQL Server data
- SQL Server and Security
- sql server 2008 security
- SQL Server Authorization/Security Question
- Security vulnerabilies checklist