Dear All,
I have a business application (2 tier) in my environment and the backend is SQL database. I dont know what Platform is being used to develop this application. Somehow we end up in terminating the contract with the suppliers. I want to know that is there a way through which the vendors could access my servers and remove the application or stop access to it without me knowing. Please note that the vendor does not have any remote access to the server directly or through VPN or any other remote access tool and nor there are any license keys installed which required to be there for the application to work.
I was thinking if they have some hard coded user names or passwords in the application through which they could login to the server and do something. But there is no remote access to the server unless and until provided intentionally. What I see in the SQL Management Studio, under logins there are two users created which I doubt are being used for their application (which is an accouting and HR application), If i change the password it might stop the application to work. My question is without changing the passwords and leaving it as it is, still can they access it somehow?
Please let me know if you can recommend to perform some checks to ensure that anonymous access is not possible.
Tks.
I have a business application (2 tier) in my environment and the backend is SQL database. I dont know what Platform is being used to develop this application. Somehow we end up in terminating the contract with the suppliers. I want to know that is there a way through which the vendors could access my servers and remove the application or stop access to it without me knowing. Please note that the vendor does not have any remote access to the server directly or through VPN or any other remote access tool and nor there are any license keys installed which required to be there for the application to work.
I was thinking if they have some hard coded user names or passwords in the application through which they could login to the server and do something. But there is no remote access to the server unless and until provided intentionally. What I see in the SQL Management Studio, under logins there are two users created which I doubt are being used for their application (which is an accouting and HR application), If i change the password it might stop the application to work. My question is without changing the passwords and leaving it as it is, still can they access it somehow?
Please let me know if you can recommend to perform some checks to ensure that anonymous access is not possible.
Tks.