[SPAM] Re: [SPAM] Re: [Full-Disclosure] Spybot and SQL

[Jacek Barcikowski]

Matthew Farrenkopf wrote:
 > Jacek,
 >
 >
 >>>(The MSDE engine was installed on two machines for an application
 >
 > we
 >
 >>>use, and the engine is used only locally by the application.  The
 >>>thought never crossed my mind that the engine was misconfigured
 >
 > with a
 >
 >>>blank sa password, but on analysis it looks like that's how the
 >>>application communicates with the database.  There's no option to
 >
 > add a
 >
 >>>password in the application, so I blocked port 1433 to the outside
 >>>world.  Problem solved until we can talk to the vendor.)
 >>
 >><off_topic>
 >>Before the installation you can set up a setup.ini file with
 >>DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not
 >>listen to any port, therefore cannot be accessed from the net.
 >></off_topic>
 >>
 >>Best reagards,
 >>m.esco
 >
 >
 > Regrettably, this is an automated installation system.  It's not like I
 > was able to install MSDE first myself, then install the application.  It
 > was all done at once.
 >
 > Is there any way to disable it after installation?  (I haven't had a
 > chance to RTFineM, but will go do that as well.)  Right now, I'm
 > protecting ports with IPSec rules.

You can run svrnetcn.exe from command line and then disable TCP/IP from 
enabled protocols list.

Here is also a great article about MSDE configuration:

http://www.codeproject.com/database/ConfigureMSDE.asp

Best regards,
Jacek Barcikowski