| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <420D2BE1.4060409@wp.pl> From: m.esco at wp.pl (Jacek Barcikowski) Subject: [SPAM] Re: [SPAM] Re: Spybot and SQL Matthew Farrenkopf wrote: > Jacek, > > >>>(The MSDE engine was installed on two machines for an application > > we > >>>use, and the engine is used only locally by the application. The >>>thought never crossed my mind that the engine was misconfigured > > with a > >>>blank sa password, but on analysis it looks like that's how the >>>application communicates with the database. There's no option to > > add a > >>>password in the application, so I blocked port 1433 to the outside >>>world. Problem solved until we can talk to the vendor.) >> >><off_topic> >>Before the installation you can set up a setup.ini file with >>DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not >>listen to any port, therefore cannot be accessed from the net. >></off_topic> >> >>Best reagards, >>m.esco > > > Regrettably, this is an automated installation system. It's not like I > was able to install MSDE first myself, then install the application. It > was all done at once. > > Is there any way to disable it after installation? (I haven't had a > chance to RTFineM, but will go do that as well.) Right now, I'm > protecting ports with IPSec rules. You can run svrnetcn.exe from command line and then disable TCP/IP from enabled protocols list. Here is also a great article about MSDE configuration: http://www.codeproject.com/database/ConfigureMSDE.asp Best regards, Jacek Barcikowski
Powered by blists - more mailing lists