Remote connectivity problems with SQL server7.0

server| problem

After discovering the GLOBAL.ASA+.HTR bug, the ID and password of the SQL Server database are often exposed to our eyes in plaintext, which should be noted when writing the program. I have tried several well-known domestic websites, like the Ant League, can get his database password. So how to get the control of the database further becomes our concern.
Some friends often have the password does not even enter the other host, I say the connection when the need to pay attention to the problems and steps, and hope that we will be a good way to publish, let us progress together.

Two authentication modes for SQL Server: NT Authentication mode and mixed security mode.

When a user logs on to SQL Server using Query Analyzer, the user is prompted for a login name and password. By default, the login name SA. The password is empty. Once users log on to SQL Server, they can access each database on the server. Typically, only one database is set as the default database for the login name, and the database is automatically used when Query Analyzer is started.
In NT Authentication mode, SQL Server detects the currently used NT user account and looks up the user in the syslogins table to determine whether the user has permission to log in, in which case the user does not have to provide a password or login name for SQL Server authentication. In fact, SQL Server is the NT user information that automatically obtains the login process from the RPC connection, that is, the user must log on using the RPC connection to perform NT Authentication for SQL Server.
Mixed security mode: This is a common pattern because it allows connectivity in SQL Server Authentication or NT Authentication mode, which is better adapted to the environment of various users, and is the gateway to the other database. If we use TCP/IP Sockets for login verification, SQL Server uses SQL Server authentication mode, and if you use Named pipes, SQL Server uses the NT Authentication mode. So what does SQL Server's authentication mode do with landing names? First, in the syslogins table to detect the input of the login name and password, if there is, and the password is correct, you can log in. In this mode we must provide a login name and password for SQL Server validation. Of course! We have now known his userid and pwd, hehe!

Authentication mode and NT registry for SQL Server

The validation mode settings are stored in LoginMode in the NT Registry's HKEY_LOCAL_MACHINE\Software\Microsoft\MSSqlserver\MSSqlServer, and if the key value is 0, the mixed security mode is used for 1 , the NT Authentication mode is used. The default is 0.
This is the reason why most hosts can successfully connect.

Understanding the basic process of landing, let me say the steps for SQL Server remote connection:

First, ping his domain to get IP, add a TCP/IP type of server alias in Client Network Utility, and be careful not to change the port number by default.
Then add a new host to the SQL Server group and fill in the IP address, SA, and PWD.
It is worth noting that only the SA that has access to administrator rights can operate on the entire database, only a table password is not possible, the connection failed.
In SQL Server, you can set a ban on remote connections. The method is as follows:
Set the properties in SQL Server Management, point to Connection, remove the Allow other SQL Servers to connect before you can.
Also, if the version of SQL Server is different, it can sometimes cause the connection to fail.

Finally, to everyone a very bad host to play, (don't say is I said, hehe!) Or not next time! ）
61.132.16.68 uid=sa;pwd=tj3860315$
Remember, don't ruin it! All practice practicing. Or else they find you in trouble is big!

Above only represents personal opinion, what is not correct place, please Big Brother elder brother friend old and young man advice!