Hello everyone,
I have a question about settings of our Azure SQL database.
We are using default settings.
Allow Azure Services and resources to access this server = YES
And we also have defined some IP addresses, which can connect to the database.
My question is, if we have allow azure services and resources to access this server = yes; if there is possibility, that someone who stole/hack password login to SQL database, should access to this database via some Azure vPC, or Azure APP.
For standard users (onprem machines), there are IP ranges, but if somebody try to connect via some Azure service from another subcription, is it possible to connect, or he cant connect, because isnt defined in IP adress range, and only services from same subscription could connect to this SQL.
There are 3 potential situations:
app/vPC from same subscription - is it possible to hack SQL ?
app/vPC from another subscription, but same tenant - is it possible to hack SQL ?
app/vPC from another subscription and another tenant - is it possible to hack SQL ?
Thank you for clarify it.