I have a server type software connected to my local SQL Server and it has a hardcoded SQL login/password(also requires sqladmin role) inside that I CAN NOT change. As I have to use this software, I had to create this login in my SQL Server. Now the issue is, this hardcoded login info is well known on the internet, ask google with few keywords and clicks you can find it. Also I CAN NOT close 1433 or any SQL Server port on firewall as my clients need to access to my SQL Server for data and functions.
So to prevent people who know this infomation and want to use it against / break into my SQL Server. I did below security measures:
- Turned off SQL Server's remote connection function
- Create an logon trigger to allow only local communication for this login
Now the question is, can someone spoof as localhost to send me an packet with SQL command such as DROP TRIGGER etc. to break in?
If so what other counter measures I can use? Heaps thanks!
Trigger as below
CREATE TRIGGER prevent_ip
ON ALL SERVER
FOR LOGON
AS
BEGIN
DECLARE @LoginName sysname
DECLARE @LoginType sysname
SET @LoginName = ORIGINAL_LOGIN()
IF(@LoginName = 'HardcodedLogin' AND (EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]','nvarchar(128)') IN ('<local machine>')))
BEGIN
RETURN; -- Login Authorized
END
ELSE IF(@LoginName IN ('SecuredLoginForClients'))
BEGIN
RETURN; -- Login Authorized
END
ELSE
BEGIN
ROLLBACK; -- Disconnect the session
END
END
