This article provides an overview of the two main methods by which SQL servers are hacked and abused. The first method consists of weak or nonexistent DBA passwords. One of the most sought-after DBA accounts is the sa account used by MS SQL Server. This is mainly because MS SQL Server includes several very powerful extended stored procedures that give a DBAor a hackerfull access to the server's file system.
The second method of attack is via SQL injection techniques that abuse poor programming or improper configuration on the SQL server to allow a hacker to access, overwrite, or delete information in the data server. In addition, if the attacked server is MS SQL, the infamous xp_cmdshell extended procedure can provide a hacker with a tool to take over the file system of the server.
To summarize, a SQL server is the heart of your company. It can be a serious security threat to your data. Fortunately, implementing proper coding practices and ensuring that the SQL server is configured properly makes a database server secure.