lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: farrenkm at ohsu.edu (Matthew Farrenkopf)
Subject: [SPAM] Re: Spybot and SQL

Jacek,

> > (The MSDE engine was installed on two machines for an application
we
> > use, and the engine is used only locally by the application.  The
> > thought never crossed my mind that the engine was misconfigured
with a
> > blank sa password, but on analysis it looks like that's how the
> > application communicates with the database.  There's no option to
add a
> > password in the application, so I blocked port 1433 to the outside
> > world.  Problem solved until we can talk to the vendor.)
> 
> <off_topic>
> Before the installation you can set up a setup.ini file with 
> DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not 
> listen to any port, therefore cannot be accessed from the net.
> </off_topic>
> 
> Best reagards,
> m.esco

Regrettably, this is an automated installation system.  It's not like I
was able to install MSDE first myself, then install the application.  It
was all done at once.

Is there any way to disable it after installation?  (I haven't had a
chance to RTFineM, but will go do that as well.)  Right now, I'm
protecting ports with IPSec rules.

Thanks,
Matt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ