18th March 09:42
Security problems when hosting an SQL DB on a fixed IP SBS 2000 Server
I develop an accounting package that uses SQL/MSDE 2000 as the RDBMS. It's
really hard for me to get new clients to look at my product when they have
to download a minimum of 25MB (i.e., the MSDE installer) just to have a look at
Now that I've got a fixed IP ADSL connection, I wanted to host a demo SQL db
so that users can simply log in with my program (only 3MB tops) and see it.
My problem is all the horror stories about how easy SQL Server is to hack
and become a gateway to my network.
My network's protected by a Zoom X4 Firewall NAT box, but I'll need to port
map a 1433 hole for users to connect to my demo db - right???
I was going to stick ZoneAlarm on my server so that I can put another bit of
protection that it only allows SQL stuff to be bandied about, but is this
How do they hack the SQL server and cause the problems?? Is it just idle
administrators not putting a good password for 'sa' or is it more than
When I create an ODBC data source I also have to enter SQL authentication
details to complete the creation of it. I always use sa's details to enter
this data source - is this the right thing to do or should I use a different
kind of user??
Your feedback would be most appreciated.