This is a simple database security & performance question, but I’ve always used either a special user (eg. mydbuser), or Windows’ built-in Network Service account as the owner when attaching databases to my SQL Server instances.
- When deploying my database to a production server, is there a specific user I should stick to or avoid? I would think that using an account with a set password could open the database up to a potential security issue.
Edit: Corrected NETWORK SECURITY to Network Service
You must always follow the rule of “Least Privileged Access”.
Apart of this is taking into consideration what applications that are using the database. Ideally your database is inaccessible by the open internet (block port 1433!). Thus an attacker would be forced to access the database though the application via SQL Injection.
Worms/malware/exploits are most often targeting cmd.exe (or another shell like bash under Linux). MS-SQL gives attackers access to cmd.exe via the xp_cmdshell() sql function call. Worms rely on this function to spread. To make matters worse on old versions of MS-SQL the “sa” had a null password, and worms actively exploited this to spread.
Whatever account you give MS-SQL disallow access to cmd.exe. Make sure no applicaitons use the “sa” account, instead give them a specific account that only has the bare bones i needs to work. Even if you don’t give the application access to xp_cmdshell() its possible to conduct a privilege escalation attack though sql injection. For instance SqlNinja will attempt to brute force the “sa” account via SQL Injection.
I also recommend following these steps laid out my Microsoft, especially testing to make sure your security systems hold water.