Creating users and passwords in code

  • Hi can anyone help.

    I would like to be able to create user logins in code and also code to allow users to change there passwords. Ideally I would like to code both of these in stored procs which I can call from my app. Anyone have any ideas on how to do this.

    Thanks.

  • You don't have to write the stored procedures, as they already exist. Check out sp_adduser and sp_password.

    --Jonathan



    --Jonathan

  • sp_addlogin

  • be aware that those procedures (

    sp_adduser or sp_addlogin) require high PRIVILEGE accounts.


    * Noel

  • One question is why would you want users to change their passwords? As Noeld mentioned, you must grant users the correct level of permissions to run the aforementioned sprocs. Potentially this could be bad in the advent that the dB goes down and the last backup is from 2 days ago, and 15 users have changed their passwords since then. Just isn't efficient and I would have to think that security must not be an issue here? I am very interested in why you would want to do this?


    Aurora

  • Why should users change their passwords? For security. I don't know about Charlotte, but I want my users to change their passwords every 6 months. A password that never changes is very poor security.

    I'm currently working on creating a user interface that will let them change their own passwords.

    Also a user CAN change their own password without special privileges.

    For Charlotte,

    Check out sp_password.

    -SQLBill

  • I understand the need to change passwords for security purposes, but allowing end users to change their database passwords? This is the first I am hearing of this concept.

    I am not disputing its necessity, just wanted to hear a scenario where it might be necessary. In the environments I have worked in, the security was either maintained by the DBA, the security team or a developer who may be coding that in their app.

    Very interesting, good luck.


    Aurora

  • Normally, different user group should have different access method and security policy.

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply