SQL Server Security — Urgent! | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

SQL Server Security — Urgent!

Hi all, We have a small sql server DB which get data from a large sql server DB. Both databases contain critical data and stored in one data server by using the same Microsoft sql server engine. The data server uses the windows NT security for its security system. The small sql server db doesn’t have any security on it and just uses ‘sa’ userid without password. My questions are:
1. If it is ok we have both SQL server databases stored in a single data server? What is disadvantage? What is the best practice?
2. If this small sql server db is secured in this system setup described above? Why? What is the best practice for this? I’m new to SQL Server. Please help me out.
Thanks in advance! Li
Take a refernece from thishttp://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp MS link which explains the security resources and steps. If the current large database server is not stressed then there woudln’t be any issue adding the small database, but make sure to watch for PERFMON counters and PROFILER for slow running queries. HTH _________
Satya SKJ

1. If you have enough resources to handle user requestes to both databases, It’s alright to have both databases on the same server. 2. No, it is not secured as long as you have blank pasword for ‘sa’ user. Because anyone having either physical or network access to this server can access and manipulate the data on both databases. setup a password for ‘sa’ immediately.