Using SQL Authentication
It is strongly recommended that you use Windows Authentication for database connectivity instead of SQL Authentication. This section explains the security risks associated with using SQL Authentication in a Commerce Server deployment.
If you do use SQL Server Authentication, note the following security risks and the steps you must take to secure your site:
- Clear text passwords in connection strings will be stored in the Administration database.
When a connection is made to a Commerce Server database, the clear text password will be transmitted over the wire, where attackers can detect it.
To secure your installation:
- Implement a private network from Web servers to SQL Servers so attackers cannot sniff traffic from the Web server to the SQL Server database.
- Enable Multiprotocol Net-Library encryption on the SQL Server. For instructions, see SQL Server Books Online.
- Enable Secure Sockets Layer (SSL) on port 1433 of the Web server. For instructions, see "Setting Up SSL on Your Server" in the IIS 5.0 Documentation.
- Use IPSec on the network connection. For instructions, see Windows 2000 Help.
- Clear text passwords are saved in the OLAP file in \Program Files\Microsoft Analysis Services\bin\msmdrep.mdb.
To secure this file, either migrate the content to a repository in the SQL Server database, or use Windows Integrated Security.
- When a Web server connects to a SQL Server using SQL Server Authentication, the SQL Server password travels in clear text. To protect a SQL Server connection from intruders, use the multi-protocol network driver in SQL Server, which allows encryption of session connections. If you use Windows NT authentication, this password will be protected, except during Commerce Server Setup and when you choose the Quick Unpack option in Commerce Server Site Packager.
- Do not use the "sa" login that SQL Server creates by default. You should specify a different administrative login name for your database servers. Never use a blank password. Doing so increases security risks for your site.
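The following audit script is an added example, not part of the original documentation or of Commerce Server. It checks connection strings for the risks listed above: a stored clear text password, a blank password, the "sa" login, and no encryption requested for the session. The keyword spellings are the common OLE DB and ODBC ones, and the server, database, and login names in the samples are constructed.

```python
# Added example: audit connection strings for the SQL Authentication risks above.
# Simplified parser: quoted values that contain ';' are not handled.
USER_KEYS = ("user id", "uid")
PASSWORD_KEYS = ("password", "pwd")
TRUSTED = {("integrated security", "sspi"), ("integrated security", "true"),
           ("trusted_connection", "yes"), ("trusted_connection", "true")}
ENCRYPTED = {("encrypt", "yes"), ("encrypt", "true"),
             ("use encryption for data", "true")}

def parse(conn_str):
    """Split 'key=value;...' into a dict with lower-cased, trimmed keys."""
    pairs = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = value.strip()
    return pairs

def first(kv, keys):
    """Return the value of the first alias present in kv, or None."""
    return next((kv[k] for k in keys if k in kv), None)

def audit(conn_str):
    """Return the list of findings for one connection string."""
    kv = parse(conn_str)
    flags = {(k, v.lower()) for k, v in kv.items()}
    user, password = first(kv, USER_KEYS), first(kv, PASSWORD_KEYS)
    findings = []
    if password:
        findings.append("clear-text password stored in connection string")
    if flags & TRUSTED:
        return findings  # Windows Authentication: no SQL login is used
    findings.append("SQL Authentication in use")
    if not password:
        findings.append("blank password")
    if user is not None and user.lower() == "sa":
        findings.append("default 'sa' login")
    if not flags & ENCRYPTED:
        findings.append("no encryption requested for the session")
    return findings

# Constructed sample inputs (server, database and login names are made up).
SAMPLES = [
    "Provider=SQLOLEDB;Data Source=db01;Initial Catalog=AdminDb;User ID=sa;Password=",
    "Provider=SQLOLEDB;Data Source=db01;Initial Catalog=CatalogDb;UID=csapp;PWD=S3cret!;Use Encryption for Data=True",
    "Provider=SQLOLEDB;Data Source=db01;Initial Catalog=AdminDb;Integrated Security=SSPI",
]

print(*[audit(s) or ["ok"] for s in SAMPLES], sep="\n")
```

An encryption keyword in the connection string only requests an encrypted session; the stored password itself remains readable wherever the string is kept.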
When SQL Server is remote, the IIS anonymous account (the default is IUSR_<computername>) must use a domain account.
For information about the database access privileges you should grant to the IUSR to access the Administration database, see Securing the Administration Database.
For information about setting up the domain account, see Using Windows Authentication in a Distributed Deployment.
If you use SQL Authentication, you should create SQL logins for the following resources:
- Business Desk Permissions
- Product Catalogs
- Direct Mailer
- Data Warehouse
- Transactions Config