This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Backend Security Project SQLServer Hardening
Overview
In this section there are some best practices concerning the security of SQL Server 2005. The operating system under SQL Server is Windows Server 2003.
Description
Installation of the Engine
The prerequisites for the installation are: .NET Framework 2.0 Microsoft SQL Native Client Microsoft SQL Server 2005 Setup Support Files.
The installation consist of a large amount of services that are shortly descripted:
- SQL Server Database Services (install SQL Server database engine and tools for managing relational and XML data, replication and full text search)
- Analysis Services (install analysis services and tools used to support online analytical procession OLAP and data mining. Install also Integration Services)
- Notification Services (installs notification services a platform for developing and deploying applications that send personalized, timely notifications to a variety of devices or applications)
- Integration Services (install a set of tools and programmable objects for creating and managing packages that extract, transofrm and load data, as well perform task)
- Client Components (install management tools, development tools and legacy components)
- Documentation, samples and sample databases (installs books online documentation, sample databases and sample applications for all sql 2005 components)
During the installation the thing to remind is that from a security point of view, only what is strictly needed must be installed. To install a tipycal minimal configuration, the SQL Server Database Services (1) and some Client Components (5) (Connectivity components and Management Tools can be installed.