Using SQL Authentication

It is strongly recommended that you use Windows Authentication for database connectivity instead of SQL Authentication. This section explains the security risks associated with using SQL Authentication in a Commerce Server deployment.

SQL Server Authentication

It is recommended that you use Windows Authentication instead of SQL Server Authentication. If you do use SQL Server Authentication, note the following security risks and the steps you must take to secure your site:

  • Connection strings, including their clear text passwords, are stored in the Administration database.

    When a connection is made to a Commerce Server database, the clear text password is transmitted over the wire, where an attacker who can observe the traffic can capture it.

    To secure your installation:

    • Implement a private network from Web servers to SQL Servers so attackers cannot sniff traffic from the Web server to the SQL Server database.
    • Enable Multiprotocol Net-Library encryption on the SQL Server. For instructions, see SQL Server Books Online.
    • Enable Secure Sockets Layer (SSL) on port 1433 of the Web server. For instructions, see "Setting Up SSL on Your Server" in the IIS 5.0 Documentation.
    • Use IPSec on the network connection. For instructions, see Windows 2000 Help.
  • Clear text passwords are saved in the OLAP file in \Program Files\Microsoft Analysis Services\bin\msmdrep.mdb.

    To secure this file, either migrate the content to a repository in the SQL Server database, or use Windows Integrated Security.

SQL Server Passwords

  • When a Web server connects to a SQL Server using SQL Server Authentication, the SQL Server password travels in clear text. To protect a SQL Server connection from intruders, use the multi-protocol network driver in SQL Server, which allows encryption of session connections. If you use Windows NT authentication, this password is protected, except during Commerce Server Setup and when you choose the Quick Unpack option in Commerce Server Site Packager.
  • Do not use the "sa" login that SQL Server creates by default. Specify a different administrative login name for your database servers. Never use a blank password; doing so increases the security risks for your site.
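The following added example (not part of the original documentation and not Commerce Server code) audits connection strings for the risks named in the two sections above: SQL Authentication in use, an embedded clear text password, a blank password, and the "sa" login. It assumes OLE DB/ODBC-style keywords (User ID/UID, Password/PWD, Integrated Security/Trusted_Connection); the sample strings and all server, database and login names in them are constructed.

```python
import re

# key=value pairs separated by ';'; a quoted value may itself contain ';'
_PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")

USER_KEYS = ("user id", "uid")
PASSWORD_KEYS = ("password", "pwd")
INTEGRATED_KEYS = ("integrated security", "trusted_connection")
INTEGRATED_ON = {"sspi", "true", "yes"}

# Constructed sample strings (server, database and login names are made up).
SAMPLES = {
    "default-admin": "Provider=SQLOLEDB;Data Source=SQL01;Initial Catalog=ExampleAdmin;User ID=sa;Password=;",
    "sql-login": "Provider=SQLOLEDB;Data Source=SQL01;User ID=cs_catalog;Password='x;9Qv-constructed';",
    "windows-auth": "Provider=SQLOLEDB;Data Source=SQL01;Integrated Security=SSPI;",
}


def parse_connection_string(text):
    """Return {lower-cased keyword: unquoted value} for one connection string."""
    props = {}
    for key, value in _PAIR.findall(text):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        props[key.lower()] = value
    return props


def first(props, keys):
    """Value of the first keyword in keys that is present, else None."""
    return next((props[k] for k in keys if k in props), None)


def audit(text):
    """List the SQL Authentication risks named on this page for one string."""
    props = parse_connection_string(text)
    integrated = (first(props, INTEGRATED_KEYS) or "").lower() in INTEGRATED_ON
    user, password = first(props, USER_KEYS), first(props, PASSWORD_KEYS)
    findings = []
    if not integrated:
        findings.append("sql-authentication")
    if password:
        findings.append("clear-text-password")
    if not integrated and user is not None and not password:
        findings.append("blank-password")
    if (user or "").strip().lower() == "sa":
        findings.append("sa-login")
    return findings
```

Run `audit` over connection strings exported from your own configuration and report only the finding names, never the strings themselves, so the audit output does not become another copy of the passwords.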

SQL Server in a Distributed Deployment

When SQL Server is remote, the IIS anonymous account (the default is IUSR_<computername>) must use a domain account.

For information about the database access privileges you should grant to the IUSR to access the Administration database, see Securing the Administration Database.

For information about setting up the domain account, see Using Windows Authentication in a Distributed Deployment.

Creating SQL Accounts for Commerce Server Resources

If you use SQL Authentication, you should create SQL logins for the following resources:

  • Business Desk Permissions
  • Campaigns
  • Product Catalogs
  • Profiles
  • Direct Mailer
  • Data Warehouse
  • Transactions
  • Transactions Config

Copyright © 2005 Microsoft Corporation.
All rights reserved.