password attributes - Mixed mode

Question

password attributes - Mixed mode

tjaybelt

SSCrazy

Points: 2604
More actions
January 7, 2005 at 1:01 pm

#91914

is there a setting in sql server, where i can setup minimum requirements for the sql server user password? like windows has authentication paramaters, ( has to be 15 chars long, etc.)
i know that if i use windows authentication, it will force it via the system. But what forces me as a dba, to use certain password attributes in sql server user/password creation?

thanks

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 1

No, there is no setting in SQL Server 2000. Hence the adoption of whatever the settings are for the OS in SQL Server 2005. The only option is you can modify sp_password to include checks (home-grown), but that's not supported by MS, obviously.

K. Brian Kelley
@kbriankelley

tjaybelt SSCrazy Points: 2604 More actions · Answer 2

thanks a ton. I figured that was the case, but wanted to make sure i wasnt making stuff up.

This is for a sox audit, and i had to either prove the settings were such and such, or show that there were no provings. I will be quoting you as a reference to what i guessed was the case already.

thanks

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 3

If you need specific references more than a message board post:

- SQL Server 2005 Books Online (preliminary documentation since it is still in beta)

- My security column in the January 2004 issue of SQL Server Standard Magazine

- Chip Andrews' March 2001 article from MCP Magazine

- Randy Dyess' Performing a SQL Server Security Assessment whitepaper (.PDF format - pages 31-32) at his web site

K. Brian Kelley
@kbriankelley

Yelena Varshal SSC-Dedicated Points: 34286 More actions · Answer 4

To bkelley:

Brian, one of your advises is to modify sp_password. I already posted topics in 2005 section, I can NOT get to the text of system stored procedures in 2005. Please, do you know more about it? Could you post any references if system SPs in 2005 could be viewed or modified? I do have BOL 2005 Beta.

Yelena

Regards,Yelena Varsha

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 5

For those interested in finding the contents of system stored procedures in SQL Server 2005, I've posted to a threat Yelena started:

Getting text of system stored procedures in 2005

K. Brian Kelley
@kbriankelley