Full Disclosure mailing list archives
Re: [SPAM] Re: [SPAM] Re: Spybot and SQL
From: Jacek Barcikowski <m.esco () wp pl>
Date: Fri, 11 Feb 2005 23:04:17 +0100
Matthew Farrenkopf wrote: > Jacek, > > >>>(The MSDE engine was installed on two machines for an application > > we > >>>use, and the engine is used only locally by the application. The >>>thought never crossed my mind that the engine was misconfigured > > with a > >>>blank sa password, but on analysis it looks like that's how the >>>application communicates with the database. There's no option to > > add a > >>>password in the application, so I blocked port 1433 to the outside >>>world. Problem solved until we can talk to the vendor.) >> >><off_topic> >>Before the installation you can set up a setup.ini file with >>DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not >>listen to any port, therefore cannot be accessed from the net. >></off_topic> >> >>Best reagards, >>m.esco > > > Regrettably, this is an automated installation system. It's not like I > was able to install MSDE first myself, then install the application. It > was all done at once. > > Is there any way to disable it after installation? (I haven't had a > chance to RTFineM, but will go do that as well.) Right now, I'm > protecting ports with IPSec rules.You can run svrnetcn.exe from command line and then disable TCP/IP from enabled protocols list.
Here is also a great article about MSDE configuration: http://www.codeproject.com/database/ConfigureMSDE.asp Best regards, Jacek Barcikowski _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [SPAM] Re: [SPAM] Re: Spybot and SQL Jacek Barcikowski (Feb 11)