Thursday, March 22, 2012

authentication issues

Hi,
Our system auditor wants to change the way in which the
security on passwords is used on a sqlserver account:
password expiration, case sensitive, at least N characters
in length, the password must not be the same as the login,
passwords must have a lifetime...
but I don't know how I can do it when our applications
cannot use Windows authentication.
Can anyone help me?
Thanks
|||Hi,
In SQL Server authentication you do not have the facility to set password
policies.
Thanks
Hari
MCDBA
|||Miriam,
Hari gave you the right answer.
You can, of course, write your own code to set passwords that will check for
conformity to rules and prevent others from using sp_password. If you did
this, you could create a table to record when the password was last set,
etc. I have done this sort of thing in the distant past, but would not do
it any more unless severely pressed.
A manual method would be to have the security admin set the passwords on SQL
Server accounts and keep a spreadsheet of when they were last changed. If
there are not too many of these the work should not be onerous.
Russell Fields
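
The approach Russell Fields describes above (a wrapper that checks the rules before setting the password, plus a table recording when it was last set), sketched in T-SQL as an added example that is not part of the original thread. The table and procedure names, the minimum length of 8, the mixed-case reading of "case sensitive" and the 90-day lifetime are assumptions.

```sql
-- Added example; table and procedure names are hypothetical.
CREATE TABLE dbo.login_password_audit (
    login_name  sysname  NOT NULL PRIMARY KEY,
    last_set_at datetime NOT NULL
);
GO
CREATE PROCEDURE dbo.usp_set_password
    @old_password sysname,
    @new_password sysname,
    @min_length   int = 8   -- assumed value for the auditor's "N"
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @login sysname, @rc int;
    SET @login = SUSER_SNAME();   -- the caller changes only their own password

    IF @new_password IS NULL OR LEN(@new_password) < @min_length
    BEGIN
        RAISERROR('Password must be at least %d characters.', 16, 1, @min_length);
        RETURN 1;
    END
    -- UPPER() on both sides keeps this check case-insensitive on any collation.
    IF UPPER(@new_password) = UPPER(@login)
    BEGIN
        RAISERROR('Password must not be the same as the login.', 16, 1);
        RETURN 1;
    END
    -- Binary comparison: reject passwords with no lowercase or no uppercase letter.
    IF CAST(@new_password AS varbinary(256)) IN
       (CAST(UPPER(@new_password) AS varbinary(256)),
        CAST(LOWER(@new_password) AS varbinary(256)))
    BEGIN
        RAISERROR('Password must mix upper and lower case.', 16, 1);
        RETURN 1;
    END

    EXEC @rc = sp_password @old = @old_password, @new = @new_password;
    IF @rc <> 0 RETURN 1;
    -- Record when the password was last set (update first, insert if new).
    UPDATE dbo.login_password_audit SET last_set_at = GETDATE()
     WHERE login_name = @login;
    IF @@ROWCOUNT = 0
        INSERT INTO dbo.login_password_audit VALUES (@login, GETDATE());
    RETURN 0;
END
GO
-- Expiry report: logins whose password is older than an assumed 90-day lifetime.
SELECT login_name, last_set_at FROM dbo.login_password_audit
 WHERE last_set_at < DATEADD(day, -90, GETDATE());
```

The rules hold only if logins change their passwords through this procedure; as the reply notes, direct use of sp_password has to be prevented separately.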
|||Hi, Hari
Do you know about a Microsoft document where they have
written about it?
I only found a table (MS SQL Server 2000 System
Administration book, Chapter 10), "Security Capabilities of
Windows Authentication Versus SQL Server
Authentication", but that document has not been sufficient
for the auditors.
Could you help me with another reference?
Thanks