MS SQL Server
  Home arrow MS SQL Server arrow Page 14 - Authenticating Logins
ASP Free Forums 
.NET  
ASP  
ASP Code  
ASP.NET  
ASP.NET Code  
BrainDump  
C#  
Code Examples  
Database  
Database Code  
IIS  
Microsoft Access  
MS SQL Server  
Visual Basic.NET  
Windows Scripting  
Windows Security  
XML  
ASP Web Hosting  
ASP.NET Web Hosting 
Mobile Linux 
App Generation ROI 
Windows Web Hosting
 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
MS SQL SERVER

Authenticating Logins
By: Apress Publishing
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 17
    2004-10-27

    Table of Contents:
  • Authenticating Logins
  • Creating Strong Passwords
  • The Effects of Windows on Authentication
  • Authentication in SQL Server 6.5
  • Security
  • Tracing Login Network Traffic
  • Logins Using TCP/IP
  • Logins Using Named Pipes
  • User Level vs. Full Control Logins
  • SQL Server 6.5 Named Pipes Login Summary
  • Authentication in SQL Server 7.0 and 2000
  • Tracing Login Network Traffic
  • The Super Socket Network Library
  • The TCP/IP Network Library
  • Windows Authenticated Logins Via TCP/IP
  • Logins Using Named Pipes
  • The Multiprotocol Library in SQL Server 2000
  • Managing Login Accounts
  • Creating Login Accounts
  • Sample Commands
  • Server Roles
  • Secondary Server Roles
  • Special User Identities
  • Summary
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Authenticating Logins - The TCP/IP Network Library
    (Page 14 of 24 )

    Let’s now look at the traffic generated when a user logs in using the TCP/IP network library and a SQL Server authenticated account. Just as it is in SQL Server 6.5, the TCP/IP network library is the easiest network trace to follow. The following listing shows an abbreviated trace of the network packets sent when Query Analyzer tries to log into the server using a SQL Server authenticated account.

    NOTE The full trace can be downloaded along with the rest of the material accompanying the book from http://www.WinNetSecurity.com .

    Frame Src MAC Addr Dst MAC Addr   Protocol Description
    2     W2kClient    SS7_NT_SRV     TCP    ....S., len: 0, seq:3205348350...
    3     SS7_NT_SRV   W2kClient      TCP    .A..S., len: 0, seq: 380335491...
    4     W2kClient    SS7_NT_SRV     TCP    .A...., len: 0, seq:3205348351...
    5     W2kClient    SS7_NT_SRV     TDS    UNKNOWN EOM Len = 52 Chnl = 0 Pkt = 0...
    6     SS7_NT_SRV   W2kClient      TDS    Token Stream - Row continuation ???

    Frames 2 through 4 are the TCP three-way handshake, which indicates W2kClient is initiating a TCP session with the database server. The description in frame 5 is not really descriptive, but inside that packet is the SQL Server login account name and password. Apparently, SQL Server accepts the account and password because frame 6 does not have an error message.

    7     W2kClient SS7_NT_SRV TDS UNKNOWN EOM Len = 188 Chnl = 0 Pkt = 1...
    8     SS7_NT_SRV W2kClient TDS Token Stream - Environment Change,...
    9     W2kClient SS7_NT_SRV TDS SQL -
    ... get environment information, then close the session
    25    W2kClient SS7_NT_SRV TCP ....S., len: 0, seq:3205461071...
    26    SS7_NT_SRV W2kClient TCP .A..S., len: 0, seq: 380438509...
    27    W2kClient SS7_NT_SRV TCP .A...., len: 0, seq:3205461072...
    28    W2kClient SS7_NT_SRV TDS UNKNOWN EOM Len = 52 Chnl = 0 Pkt = 0...
    29    SS7_NT_SRV W2kClient TDS Token Stream - Row continuation ???
    30    W2kClient SS7_NT_SRV TDS UNKNOWN EOM Len = 218 Chnl = 0 Pkt = 1...
    31    SS7_NT_SRV W2kClient TDS Token Stream - Environment Change,...
    32 W2kClient SS7_NT_SRV TDS SQL -
    ... session established

    Frames 7 through 24 contain queries from Query Analyzer that ask SQL Server for information about the server’s environment. Typically, this is the time that Query Analyzer will build a list of databases and turn on or off various session-specific settings. Like ISQL/W in SQL Server 6.5, Query Analyzer closes the first session when it has everything it needs and starts a new session. The only difference in the login traffic is that frame 28 includes the name of the client’s computer; otherwise, the process is the same.

    Once you have a TCP session between the client and server, SQL Server authenticated logins go through a simple process of querying the syslogins system view in the Master database. If SQL Server does not find the account and password in the sysxlogins table that syslogins references, the user will get an error message. If it does find a row in the table, SQL Server then checks to see if the login account has been explicitly denied access to the server by checking the denylogin column (see the definition of the syslogins view in the section “Managing Login Accounts” later in this chapter). If the value is 1, the user receives an error message stating her login is denied.

    This process is identical to the one used for SQL Server 6.5, including the fact that Windows does not check the user’s Windows account information before permitting SQL Server to receive the login request. If you have clients that use an operating system other than Windows, they can use the TCP/IP network library to connect to SQL Server with a SQL Server authenticated login. This is the only configuration that bypasses the Windows authentication process, because the client communicates directly with SQL Server via TCP port 1433 and does not use any of Windows RPC functions.

    If you were to look at the actual packet contents of frames 5 and 28, you would see that the password is being sent in clear text. This is the main drawback of using the TCP/IP network library. 

    This is from SQL Server Security Distilled, second edition, by Morris Lewis (Apress, ISBN 1590592190). Check it out at your favorite bookstore today. Buy this book now.

    Next: Windows Authenticated Logins Via TCP/IP >>
     

    More MS SQL Server Articles
    More By Apress Publishing


     
    >>> Be the FIRST to comment on this article!

    MS SQL SERVER ARTICLES

    - Completing the Introduction to Transact-SQL
    - A Brief Introduction to Transact-SQL
    - Lookups and Blocking Bad Data
    - Field Validation Rules for Blocking Bad Data
    - Using Masks to Block Bad Data
    - Blocking Bad Data
    - Using @@ROWCOUNT and TABLE Variables for Dat...
    - How to Use Variables, IF and CASE in Databas...
    - Creating Important Aspects of Notification S...
    - Working wth Variables in Database Interactio...
    - Delving Deeper into Notification Services
    - Notification Services
    - Building a Multi-table Report with SQL 2005 ...
    - A Secure Way of Building Connection Strings
    - Transferring a Database Using the SSIS Desig...
    Find More MS SQL Server Articles
     
    Application Delivery: Everything You Wanted to Know, but Didn`t Know You Needed to Ask
    A comprehensive guide to examining the topics of Wide-area Data Services and app....
     
    Best Practices: Safe and Secure Hardware Asset Recovery
    Companies increasingly must meet EPA and local requirements for the disposal of ....
     
    Managing SSL Security in Multi-Server Environments
    Read this white paper to learn how to simplify management of your organization's....
     
    Open Source Security Myths
    Open Source Software (OSS) is computer software whose source code is available t....
     
    Power and Cooling Capacity Management for Data Centers
    This paper describes the principles for achieving power and cooling capacity man....
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway
    Stay green...Green IT