December 6, 2010 at 9:53 am
First apologies for this .... and in SQL 2000 too.
Dev wants to create a process to allow nominated logins (specific application users) change the passwords of change the login passwords of users in a specific db(same specific application).
Their latest proposal: allow the nominated logins insert a login/new pwd record into a table into the user db and to have a SQL job poll that table and change the password based on the record.
The alternative is to allow the nominated users be member of securityadmin srv role. I'm not keen on this option because they'll have access to change other logins but after hearing their proposal it some how seems preferable. I just can't explain why an automated job polling for a pwd change is wrong.
Incidentally we're talking 50 pwd changes in 6 months give or take.
....be gentle
December 6, 2010 at 10:22 am
You should be aware that someone in the securityadmin role can easily give themselves sysadmin access.
You can see a discussion of that on this thread:
http://www.sqlservercentral.com/Forums/Topic1009352-1550-1.aspx
I think a better solution is for users to access the server via Windows logins so that password changes happen outside of SQL Server.
December 6, 2010 at 10:26 am
Thank you but that behaviour, I believe, applies to SQL 2005 on. My scenario is for SQL 2000.
December 6, 2010 at 10:33 am
pilot72 (12/6/2010)
Thank you but that behaviour, I believe, applies to SQL 2005 on. My scenario is for SQL 2000.
Then why did you post your question in a SQL 2005 forum?
However, I didn't say that was the only way that could be accomplished. That was just what I came up with in about 5 minutes.
December 6, 2010 at 10:46 am
again, apologies, I did preface this twice by saying it was SQL 2000.
Now that I've found the 2000 forum I shall move/delete this.... if I can
Thanks for your observations
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply