Creating users and passwords in code

Question

Post reply

Creating users and passwords in code

Charlottecb

Hall of Fame

Points: 3932
More actions
October 23, 2003 at 1:33 am

#59502

Hi can anyone help.
I would like to be able to create user logins in code and also code to allow users to change there passwords. Ideally I would like to code both of these in stored procs which I can call from my app. Anyone have any ideas on how to do this.
Thanks.

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply

Jonathan SSC-Insane Points: 20427 More actions · Answer 1

You don't have to write the stored procedures, as they already exist. Check out sp_adduser and sp_password.

--Jonathan

simon_hyan Ten Centuries Points: 1177 More actions · Answer 2

simon_hyan

Ten Centuries

Points: 1177

October 23, 2003 at 7:46 am

#479288

sp_addlogin

noeld SSC Guru Points: 96590 More actions · Answer 3

be aware that those procedures (

sp_adduser or sp_addlogin) require high PRIVILEGE accounts.

* Noel

MegaDBA Hall of Fame Points: 3518 More actions · Answer 4

One question is why would you want users to change their passwords? As Noeld mentioned, you must grant users the correct level of permissions to run the aforementioned sprocs. Potentially this could be bad in the advent that the dB goes down and the last backup is from 2 days ago, and 15 users have changed their passwords since then. Just isn't efficient and I would have to think that security must not be an issue here? I am very interested in why you would want to do this?

Aurora

SQLBill SSC Guru Points: 51440 More actions · Answer 5

Why should users change their passwords? For security. I don't know about Charlotte, but I want my users to change their passwords every 6 months. A password that never changes is very poor security.

I'm currently working on creating a user interface that will let them change their own passwords.

Also a user CAN change their own password without special privileges.

For Charlotte,

Check out sp_password.

-SQLBill

MegaDBA Hall of Fame Points: 3518 More actions · Answer 6

I understand the need to change passwords for security purposes, but allowing end users to change their database passwords? This is the first I am hearing of this concept.

I am not disputing its necessity, just wanted to hear a scenario where it might be necessary. In the environments I have worked in, the security was either maintained by the DBA, the security team or a developer who may be coding that in their app.

Very interesting, good luck.

Aurora

simon_hyan Ten Centuries Points: 1177 More actions · Answer 7

Normally, different user group should have different access method and security policy.