SA do I need to remember the password

  • Just wanted to make sure I had not missed something.

    I don't anticipate ever having to use the SA user id as I and all other Administrators connect to the Server using NT Authentication.

    I am only using SQL Server Authentication for access for users via a front end and only through SQL Server Procedures.

    As any of the administrators is able to change the SA password, is it even necessary to remember the password?

  • You may not need to remember it, but you surely want to audit its change.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/

    K. Brian Kelley
    @kbriankelley

  • I'm not sure about that.

    Several threads have shown that when nobody needs to remember something, nobody does. And then Mr. Murphy steps right in, and what then...

    Frank

    http://www.insidesql.de

    http://www.familienzirkus.de

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • If we leave the default BUILTIN\Administrators with System Administrator privileges, doesn't this mean we will never have a requirement to use SA?

    In this case, as long as the SA password is really obscure, is there any need to remember it?

    Or is your concern that the person who set the SA password might leave the company and then we have a security risk? In which case, couldn't we reset the password without needing to know the old password?

  • Might be any of the reasons you've mentioned or thousands of others we don't think about yet.

    Call me paranoid, but for things I can influence I like a 200% security.

    Frank

    http://www.insidesql.de

    http://www.familienzirkus.de

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • If you have other logins with sysadmin rights, you don't have a need for anyone to logon with the sa account. In fact, you don't want anyone to do so because of that whole audit trail thing if you have to try and tie something that was done with the sa account to a particular person. With that said...

    Don't rely on an individual to set the password. If you know this account won't be used, go grab a password generator... one of those that'll do a 32 random character string or something obscene like that so no one CAN remember the password and use that to generate the password and set it for the SA account. There are plenty of free ones on the Internet.

    When a person who might know the SA password (people are capable of doing some pretty amazing things) leaves, you'll want to generate new passwords, as you've indicated. If you're logged on as a sysadmin level account, you can reset the sa password without knowing the old sa password. So the password for the sa account really does become "disposable."

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/

    K. Brian Kelley
    @kbriankelley
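
An added example, not part of the original posts: a small generator for the 32-character "disposable" sa password described in the post above, which also builds the reset statement a sysadmin login can run without knowing the old password. The symbol set, function names and the choice to emit both the SQL Server 2000 `sp_password` form and the later `ALTER LOGIN` form are assumptions of this example.

```python
import math
import secrets
import string

# Symbol set is an assumption of this example: it avoids quotes, brackets and
# semicolons so the value pastes cleanly into T-SQL and connection strings.
SYMBOLS = "!#$%*+-=?@^_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length=32):
    """Return a CSPRNG password containing all four character classes."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the choice uniform over compliant passwords.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=32):
    """Upper bound on entropy: log2(alphabet size) bits per character."""
    return length * math.log2(len(ALPHABET))


def tsql_literal(value):
    """Quote a string as a T-SQL Unicode literal, doubling single quotes."""
    return "N'" + value.replace("'", "''") + "'"


def reset_statement(password, login="sa", legacy=False):
    """Build the reset statement; the old password is not required."""
    if legacy:
        # SQL Server 2000 form: sp_password @old, @new, @loginame
        return "EXEC sp_password NULL, {}, {};".format(
            tsql_literal(password), tsql_literal(login))
    # SQL Server 2005 and later
    return "ALTER LOGIN [{}] WITH PASSWORD = {};".format(
        login.replace("]", "]]"), tsql_literal(password))


if __name__ == "__main__":
    # Prints a ready-to-run statement; run it as a sysadmin, then discard it.
    print(reset_statement(generate_password(), legacy=True))
```
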

  • I might have this wrong, but didn't the latest update (SP3) to SQL Server 2000 require you to enter the SA password?

    -SQLBill

  • only when it was blank before, IIRC

    Frank

    http://www.insidesql.de

    http://www.familienzirkus.de

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • That's correct, it forces the sa password to be set if it was blank, but it did not check its strength.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/

    K. Brian Kelley
    @kbriankelley

  • The default BUILTIN\Administrators works fine most of the time. However, you might have a policy change (error) or other failure that would prevent authentication (been there). The sa or other sa like SQL Server login will let you administer and check the server.

    Randy
    Helpdesk: Perhaps I'm not the only one that does not know what you are doing. 😉

  • as long as nobody decides to delete this login

    Frank

    http://www.insidesql.de

    http://www.familienzirkus.de

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • Just to confirm when doing an install, SQL Server only asks for an SA password if you change the Authentication from NT to mixed mode.

    Brian, our Server is only accessible on our WAN not on the Internet. However just in case, I have downloaded a password generator and will use this to change the SA password at intervals.

    Thanks for the advice

  • Just as a footnote... Even if a server is set for Windows Authentication, you can set the sa password. Always a good idea. Changing SQL Server from Windows auth to Mixed is as simple as a registry change and a service restart.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/

    K. Brian Kelley
    @kbriankelley

  • If you use certain types of software, like Great Plains for example, you must use the sa password to set it up, and in the case of GP, to administer it afterward from within the program. Not an equivalent, the actual sa password.

    G. Milner

  • quote:


    If you use certain types of software, like Great Plains for example, you must use the sa password to set it up, and in the case of GP, to administer it afterward from within the program. Not an equivalent, the actual sa password.


    We don't let our vendors get away with that. They all should know better. With enough complaints, they change.

    Randy
    Helpdesk: Perhaps I'm not the only one that does not know what you are doing. 😉
