
How to protect data in SQL Server

2025-02-25 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

How do you protect data in SQL Server? This article analyzes the problem and presents solutions in detail, in the hope of helping readers who face it find a simpler, more workable approach.

1. Assign a strong password to the default SA account. Then set up your own uniquely named account and add it to sysadmin. Make sure the new account also has a strong password.

2. Assign a separate password to each user. Better yet, use Windows integrated security and have Windows enforce sound password rules.

3. Decide which users need to view the data, and then assign the appropriate permissions. Do not hand out permissions casually. For example, do not let everyone view everyone else's salary.

4. Decide which users need to update the data, and then assign the appropriate permissions. Account managers should be able to view all users' information, but developers must restrict their permission to update it. In particular, only the manager responsible for a specific account should be able to change that user's data.

You can learn a lot from these points, but you should have these ideas in mind from the beginning. Otherwise, any user of the database can steal or delete your important data.
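The four steps above as a T-SQL script. This is an added example, not code from the original article; it assumes SQL Server 2012 or later syntax (SQL Server 2000 used procedures such as `sp_password` and `sp_addlogin` for the same tasks), and the database, table, login and role names are hypothetical.

```sql
-- Added example. CrmDemo, ops_admin, CORP\alice, CORP\bob and dbo.Accounts
-- are hypothetical names; the passwords are placeholders to replace.

-- Step 1: strong SA password, plus a uniquely named sysadmin login.
ALTER LOGIN sa WITH PASSWORD = '<strong-sa-password>';
CREATE LOGIN ops_admin WITH PASSWORD = '<strong-admin-password>', CHECK_POLICY = ON;
ALTER SERVER ROLE sysadmin ADD MEMBER ops_admin;

-- Step 2: Windows logins, so Windows enforces the password rules.
CREATE LOGIN [CORP\alice] FROM WINDOWS;
CREATE LOGIN [CORP\bob] FROM WINDOWS;
GO
CREATE DATABASE CrmDemo;
GO
USE CrmDemo;
GO
CREATE TABLE dbo.Accounts (
    AccountId    int           NOT NULL PRIMARY KEY,
    CustomerName nvarchar(100) NOT NULL,
    CreditLimit  money         NOT NULL,
    ManagerLogin sysname       NOT NULL  -- login of the responsible manager
);
CREATE USER alice FOR LOGIN [CORP\alice];
CREATE USER bob   FOR LOGIN [CORP\bob];
CREATE ROLE account_managers;
ALTER ROLE account_managers ADD MEMBER alice;
ALTER ROLE account_managers ADD MEMBER bob;

-- Step 3: only the role that needs to view the data gets SELECT.
GRANT SELECT ON dbo.Accounts TO account_managers;
GO
-- Step 4: no UPDATE on the base table. Updates go through a view that
-- exposes only the rows whose ManagerLogin matches the caller's login.
-- WITH CHECK OPTION rejects an update that would move a row out of the view.
CREATE VIEW dbo.MyAccounts
AS
SELECT AccountId, CustomerName, CreditLimit, ManagerLogin
FROM dbo.Accounts
WHERE ManagerLogin = SUSER_SNAME()
WITH CHECK OPTION;
GO
GRANT SELECT ON dbo.MyAccounts TO account_managers;
GRANT UPDATE ON dbo.MyAccounts (CustomerName, CreditLimit) TO account_managers;
```

`GO` is the batch separator used by sqlcmd and Management Studio. Because the view and the table share the owner `dbo`, members of `account_managers` can update their own rows through `dbo.MyAccounts` without holding UPDATE on `dbo.Accounts`.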

Where are mistakes most likely?

For the record, you should know that SQL Server is not absolutely secure. You should plan ahead and try to protect your server effectively. There are two things you must do before installing the server:

1. Set the administrator's account and password.

2. Protect the system from Slammer worm infection.

Make the special account safe.

SQL Server 2000's default security setup is built around the SA account. During installation, SQL Server automatically creates an administrative user and assigns a blank password to the SA user name. Some administrators like to leave the SA password blank, or set it to a generic password that everyone knows. If you make this mistake, anyone who has access to your database can do whatever they want. Anyone with administrator permissions can do whatever they want, not just to the database but to the entire computer. Therefore, users must be restricted to the database access they need, with neither too few nor too many rights.

Do not use the SA account for day-to-day administration; instead, use accounts with secure passwords. Set up another account for administration (either a SQL Server account or a Windows account, depending on your authentication mode). What you want to avoid is an account name or password that is too easy to guess, because then anyone can get hold of these accounts.


A cause for alarm: the Slammer worm

In January 2003, a very destructive piece of malicious code appeared: the Slammer worm. It was designed to attack SQL Server installations. By exploiting deficiencies in SQL Server's code, the worm can copy itself onto a SQL Server installation, damaging that machine and other machines. The worm can flood a network in 15 seconds. Microsoft has made great efforts to stop the worm, but it still cannot be completely eliminated. Some people began to complain about the test version of SQL Server because it caused damage to the system during installation.

Many months have passed; is it still necessary to be so wary of the worm? The answer is yes, because many copies of Slammer still infect machines every day. If a SQL Server without any patches is connected to the network, you will become a victim. The moral: before plugging SQL Server into a network cable, you must protect your server and apply all the latest service packs.

The importance of service packs

Service packs can be downloaded free of charge. Slammer does not damage your data, but it can cause a lot of damage to the server, and the harm is obvious. The easiest way to protect your data is to download Service Pack 3 or Service Pack 3a.

Knowing how the worm works is not important. The important thing is that the worm can survive for six months after Microsoft's patch is released. Commercial systems usually get infected by worms for one of two reasons: either administrators do not protect the system effectively, or the worm itself is too powerful.

Note that SQL Server SP3 also cannot guarantee that all your data stays protected. You should monitor the Microsoft Security Bulletin in real time so that you are notified of new service packs.

Select an authentication mode

One thing you must decide during SQL Server installation is which authentication mode to use. There are two modes:

1. Windows authentication mode (also known as integration mode)

2. Mixed mode

In Windows authentication mode, users connect to SQL Server with an existing Windows user account. When the user connects to the server with a valid user name and password, SQL Server validates the user's login information. The result is that the user logs in only once for both Windows and SQL Server, and the account information is stored solely by Windows.

Mixed mode is the combination of Windows authentication and SQL Server authentication. In mixed mode, some users can continue to use Windows accounts to access SQL Server, but others can only use SQL Server accounts that are not associated with a Windows account at all. Each SQL Server account stores its own user name and password. Even if these login values are the same, the user must enter them twice: once for Windows and once for SQL Server.

Windows authentication is superior to mixed mode for the following reasons:

It provides more features than SQL Server authentication. Many administrators find Windows authentication easy to implement and use. With Windows authentication, there is no need to store the password in the connection string. Windows authentication means that you only need to store your password in one place.

Unfortunately, Windows authentication is not available to everyone. Mixed mode must run in SQL Server 7.0, while Windows authentication can only be used in SQL Server 2000. There are other environments where Windows authentication does not work because mutual trust cannot be established across platforms. In this case, you can only use mixed mode and SQL Server logins.
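A read-only audit of the three settings discussed above: patch level, authentication mode, and weak passwords on SQL Server logins. This is an added example, not code from the original article; it assumes SQL Server 2008 or later, where `sys.sql_logins` and `PWDCOMPARE` are available, and a login with enough rights to read password hashes.

```sql
-- Added example: read-only checks, nothing is modified.

-- 1. Patch level: compare the result with the latest Microsoft security bulletin.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS product_level;   -- e.g. RTM, SP3

-- 2. Authentication mode selected at installation.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows authentication mode'
           ELSE 'Mixed mode'
       END AS authentication_mode;

-- 3. SQL Server logins whose password is blank or equal to the login name.
--    The SA account (sid 0x01, even if renamed) is always listed so that
--    its state is reviewed explicitly.
SELECT name,
       is_disabled,
       is_policy_checked,
       IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin,
       CASE WHEN PWDCOMPARE('', password_hash) = 1   THEN 'blank'
            WHEN PWDCOMPARE(name, password_hash) = 1 THEN 'same as login name'
            ELSE 'not flagged'
       END AS password_check
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1
   OR sid = 0x01
ORDER BY is_sysadmin DESC, name;
```

In Windows authentication mode the third query is still worth running, because SQL Server logins created earlier remain defined even though they cannot connect.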

Other installation skills

There are other tips to pay attention to when installing SQLServer.

Use TCP/IP as the network library for SQL Server. This is the library Microsoft recommends, and it is well tested. If the server will be connected to the network, using a non-standard port will frustrate people with ulterior motives.

This is the answer to the question of how to protect data in SQL Server. I hope the above content is of some help to you. If you still have questions, you can follow the industry information channel for more related knowledge.
