您建议使用哪个用户帐户在开发环境中运行 SQL Server Express 2008 服务?
SQL Server Express 2008 设置允许您为每个服务分配不同的用户帐户.
The SQL Server Express 2008 setup allow you to assign different user account for each service.
对于开发环境,您会使用域用户、本地用户、NT AuthorityNETWORK SERCVICE、NT AuthorityLocal System 或其他一些帐户,为什么?
For a development environment, would you use a domain user, local user, NT AuthorityNETWORK SERCVICE, NT AuthorityLocal System or some other account and why?
推荐答案
Local System 不推荐使用,它是管理员等效帐户,因此可能会导致利用管理员权限的可疑编码不允许在生产系统中使用,因为具有安全意识的管理员/DBA 真的不喜欢以管理员身份运行服务.
Local System is not recommended, it is an administrator equivalent account and thus can lead to questionable coding that takes advantage of administrator privileges which would not be allowed in a production system since security conscious Admins/DBA's really don't like to run services as admin.
根据服务器实例是否需要访问其他域资源来确定它应该在哪种类型的低权限帐户下运行.
Depending on if the server instance will need to access other domain resources or not should determine which type of low privilege account it should run under.
如果它不需要访问任何(非匿名)域资源,那么我通常会创建一个唯一的本地低权限帐户供它运行,以获得额外的安全优势,即不在其中运行多个服务相同的身份上下文.请注意,本地服务帐户不支持SQL Server 或 SQL Server 代理服务.
If it does not need to access any (non-anonymous) domain resources than I normally create a unique local, low privilege account for it to run under in order to gain the additional security benefit of not having multiple services running in the same identity context. Be aware that the Local Service account is not supported for the SQL Server or SQL Server Agent services.
如果确实需要访问非匿名域资源,那么您有三个选择:
If it does need to access non-anonymous domain resources then you have three options:
- 作为网络服务运行 这也是一个低权限帐户,但保留了计算机网络凭据.
- 在本地服务帐户下运行
- 在本地权限较低的自定义域帐户下运行.在开发人员帐户下运行的一个优点是,可以更轻松地将调试器附加到您自己身份的进程而不影响安全性,因此调试更容易(因为默认情况下,非管理员帐户无权将调试器附加到另一个身份进程).使用其他域帐户的一个缺点是管理这些帐户的开销,特别是因为每个开发者的每项服务理想情况下都应该具有唯一的凭据,这样如果开发者离开,您就不会泄露任何信息.
我倾向于做的大部分事情不需要服务访问域资源,所以我倾向于使用我管理的独特的本地低权限帐户.我还专门以非管理员用户身份运行(并且在 XP SP2、Server 2003、Vista 和 Server 2008 下都没有出现重大问题)所以当我遇到需要该服务来访问域资源的情况时,我就不用担心了关于使用我自己的域凭据(另外,我不必担心网络管理员创建/维护一堆非生产域身份).
Most of what I tend to do does not require the service to access domain resources so I tend to use unique local low privilege accounts that I manage. I also run exclusively as a non-admin user (and have done so under XP SP2, Server 2003, Vista and Server 2008 with no major problems) so when I have cases where I need the service to access domain resources then I have no worries about using my own domain credentials (plus that way I don't have to worry the network admins about creating/maintaining a bunch of non-production domain identities).
相关文章