May 21, 2009 at 7:31 am
I have been asked to audit who is using certain passwords on a SQL 2000 instance.
I thought of using a trigger to fire after an update to the sysprocesses table which writes various info (hostname, loginame etc) to a table. However I can`t get this to work due to permission settings..
Can you write triggers on sysprocesses ? Or is there a better way to do this ?
May 21, 2009 at 7:42 am
passwords or logins?
pretty much no matter what you do, you will not be able to see passwords...it's a huge security hole if you could create a trace or trigger and copy the password used for logging in. that would be ripe for abuse, and that's why MS has prevented the visibility in a trace/profile/DDL/DML event.
now if you mean login,like who is using the "sa" login to get access, that is certainly doable.
Lowell
May 21, 2009 at 7:44 am
Sorry, my mistake.
I need to see who is logging in with certain passwords.
So hostname, loginame, program name is all useful stuff. But can`t get it to log itself !
May 21, 2009 at 7:51 am
The only way you're going to see the passwords is if you put a network sniffer in place and are using unencrypted communication. SQL will not allow you to see the passwords in any way.
You can't put a trigger on sysprocesses because it's not a real table. There's no documented or supported way to put a trigger on any of the system tables.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply