User's Guide
PART 4. Database Administration and Advanced Use
CHAPTER 22. Keeping Your Data Secure
There are many actions you can take as database administrator can take to improve the security of your data.
Change the default user ID and password The default user ID and password for a newly created database is DBA and SQL. You should change this password before deploying the database.
Require long passwords You can set the MIN_PASSWORD_LENGTH public option to disallow short (and therefore easily guessed) passwords.
For information, see MIN_PASSWORD_LENGTH option.
Restrict DBA authority DBA authority is very powerful. Users with DBA authority can see and do anything in the database. You should grant DBA authority only to users who absolutely require it.
Consider giving users with DBA authority two user IDs, one with DBA authority and one without, so that they can connect as DBA only when necessary.
Drop external system functions The following external functions present possible security risks: xp_cmdshell, xp_startmail, xp_sendmail, and xp_stopmail.
The xp_cmdshell procedure allows users to cause the server to execute operating system commands or programs.
The e-mail commands allow users to have the server send e-mail composed by the user. Malicious users could use either the e-mail or command shell procedures to perform operating-system tasks with authorities other than they have been given by the operating system. In a security-conscious environment, these functions should be dropped.
For information on dropping procedures, see DROP statement.
Protect your database files The database file, log files, dbspace files, and write files should be protected from unauthorized access. They should not be stored within a shared directory or volume.
Protect your database software The Adaptive Server Anywhere software should be similarly protected. Users should be given access only to the applications, DLLs, and other resources that they require.
Run the database server as a service or a daemon On Windows NT, the database server should be run as an NT service so that unauthorized users cannot shut it down or gain access to the database or log files. On UNIX, running the server as a daemon serves a similar purpose.
For more information, see Running the server outside the current session.