We juste had a security audit that found that, if you get access to our database (SQLInjection for example), you can easily send all the content of the database to a remote SQL Server.
The recommendation is to disable Ad Hoc Distributed Queries. I found a lot of articles on how to do that on SQL Server 2005, but not on SQL Server 2000.
Any idea ?
Best Answer
According to this Distributed Query Architecture page: "For each instance of SQL Server 2000, members of the sysadmin fixed server role can enable or disable the use of ad-hoc connector names for an OLE DB provider using the SQL Server DisallowAdhocAccess property."