January 20, 2011 at 3:34 pm
I've started in a new place and once again, I have to explain to the "we've always done it that way" (aka "I don't understand it") management why they should use mixed mode authentication and use AD groups to manage individual users.
I'm looking for links to articles, white papers, etc. that will support use of windows auth/AD Groups -- or enlighten me as to why not.
I had a presentation on this subject many work sites and years ago... if I could only find it....
Thanks in advance
Gary
January 28, 2011 at 11:22 am
I believe in teaching a man how to fish rather than giving him a fish.
1. Go to http://www.google.com
2. Type: SQL Server Security Best Practices
3. Hit Enter
A.J.
DBA with an attitude
January 28, 2011 at 2:51 pm
I wouldn't have posted the question without having been there first. The links I found didn't really amount to much. Maybe it's time for me to write an article....
Thanks though.
January 28, 2011 at 3:55 pm
From the SQL 2008R2 Security Best Practices white paper under "Authentication" :
Authentication, both Windows accounts and SQL Server-specific accounts (known as SQL logins) are permitted. When SQL logins are used, SQL login passwords are passed across the network for authentication. This makes SQL logins less secure than Windows logins.
It is a best practice to use only Windows logins whenever possible.
January 29, 2011 at 7:52 am
Thank you JeremyE!! That white paper didn't turn up in my search. Really appreciate the link!
Gary
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply