Databases Reference
In-Depth Information
To get the same information in Sybase, an attacker will need the
database installed. Once this is accessible, all security-related
information is available, specifically from
sybsecurity
.
Finally, in SQL Server a trace can be used to generate the information
about logins and logouts. The trace mechanism in SQL Server is a powerful
mechanism that can provide many benefits to an attacker. Trace events are
available for pretty much any type of activity, as shown in Table 9.1, includ-
ing many things that you really wouldn't like leaking out.
sybsecurity.dbo.sysaudits_02
Table 9.1
Available events in the SQL Server trace mechanism
Event
number
Event name
Description
10
RPC:Completed
Occurs when a remote procedure call (RPC) has completed.
11
RPC:Starting
Occurs when an RPC has started.
12
SQL:BatchCompleted
Occurs when a Transact-SQL batch has completed.
13
SQL:BatchStarting
Occurs when a Transact-SQL batch has started.
14
Login
Occurs when a user successfully logs in to SQL Server.
15
Logout
Occurs when a user logs out of SQL Server.
16
Attention
Occurs when attention events, such as client-interrupt requests or
broken client connections, happen.
17
ExistingConnection
Detects all activity by users connected to SQL Server before the
trace started.
18
ServiceControl
Occurs when the SQL Server service state is modified.
19
DTCTransaction
Tracks Microsoft Distributed Transaction Coordinator (MS DTC)
coordinated transactions between two or more databases.
20
Login Failed
Indicates that a login attempt to SQL Server from a client failed.
21
EventLog
Indicates that events have been logged in the Microsoft Windows
NT application log.
22
ErrorLog
Indicates that error events have been logged in the SQL Server error
log.
23
Lock:Released
Indicates that a lock on a resource, such as a page, has been released.
24
Lock:Acquired
Indicates acquisition of a lock on a resource, such as a data page.
Search WWH ::
Custom Search