We recently had a security audit done and one of the issues they found was on a mixed mode MSSQL 2005 instance a SQL account with sysadmin privileges had a weak corresponding password. I am not a DBA or Network tech myself but I
could do with some management friendly low tech explanation of if someone exploiting that weakness and gained sysadmin access to the
SQL database – what malicious actions could they then do? What's the overall risk? Rather than just saying "they have admin access", it would help me give it some sort of management friendly risk
perspective if you could elaborate on some potential acts they could do if they had malicious intentions (which is likely if they've hacked in in the first place).
↧
sysadmin - what can they do
↧