Original translated from: http://blog.csdn.net/zzcv_/archive/2008/03/05/2150690.aspx
SQL Server risks.
Dangerous: No firewall protection; the server is exposed to the public network.
Consequence: SQL worms and hackers carry out denial-of-service, buffer overflow, blind SQL injection, and other attacks.
Remedy: Install a firewall. Even if funds are limited, a large number of free products are available on the Internet.
Dangerous: No security vulnerability scanning is performed.
Consequence: Hackers discover vulnerabilities in the operating system and network programs, and the database itself may even be compromised.
Remedy: Always keep up to date with the latest security patches, and scan regularly with security vulnerability assessment tools.
Dangerous: The SQL Server Resolution Service can be enumerated.
Consequence: Attackers can obtain database information or carry out buffer overflow attacks. SQLPing can be used even if the database instance is not listening on the default port.
Remedy: Filter access requests from unauthenticated IP addresses.
Dangerous: Weak SA password, or no password set.
Consequence: The hacker gets into the database by cracking the password.
Remedy: Set a strong password, and do not leave any database account with a blank password.
Dangerous: The Web program connected to the database does not filter SQL injection.
Consequence: Hackers inject SQL commands into normal data and submit them to the server.
Remedy: Validate and filter the data sent from the browser; it must not be submitted directly to the database.
Dangerous: Google hacks.
Consequence: The hacker uses a search engine to find the web program's SQL error pages, gather information, find vulnerabilities, and even view passwords directly.
Remedy: Capture your errors. Do not let the program output error information to a public page; write it to a log instead.
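
The two web-program remedies above (do not pass browser data straight to the database; log errors instead of displaying them) shown together in an added example that is not part of the original article. Python's sqlite3 stands in for SQL Server, and the table, function names and user-name rule are assumptions made for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("webapp.db")
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # allow-list for this field (assumed policy)
GENERIC_ERROR = "An internal error occurred."


def make_db():
    """Constructed sample data; sqlite3 stands in for SQL Server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db


def lookup_unsafe(db, name):
    """Before: browser input is concatenated into the statement text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [r[0] for r in db.execute(sql)]


def lookup_safe(db, name):
    """After: validate the field, bind it as a parameter, log errors server-side."""
    if not USERNAME_RE.fullmatch(name):
        return {"ok": False, "message": "Invalid user name."}
    try:
        rows = db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()
    except sqlite3.Error:
        log.exception("user lookup failed")  # full detail goes to the log only
        return {"ok": False, "message": GENERIC_ERROR}  # no SQL text on the public page
    return {"ok": True, "emails": [r[0] for r in rows]}


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    print(lookup_unsafe(db, hostile))  # the WHERE clause is rewritten by the input
    print(lookup_safe(db, hostile))    # rejected by validation
    print(lookup_safe(db, "alice"))    # normal lookup
    db.execute("DROP TABLE users")     # simulate a backend fault
    print(lookup_safe(db, "alice"))    # generic message; details are in the log
```
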