January 27, 2004 at 10:45 pm
Can i set sql logins to take only case sensitive passwords.
Being that Win2k and w2003 has the facility to force password length and is case sensitive, does sql server offer the same protection or is this a week link in w2k/sql2k operation.
Regards
Don Grover
January 27, 2004 at 11:12 pm
SQL Server passwords are not case-sensitive, and I don't think you can change that.
If you wanted to make sure SQL Server passwords had a minimum length or some other measure of complexity, you'd probably have to edit sp_password (I might get flamed just for suggesting that!), since you can't put triggers on system tables, and even if you could, the plain-text version of the trigger would be unavailable.
Of course, MS would say that this "only" applies to SQL-authenticated logins. Windows-authenticated logins automatically enjoy all the additional functionality of the Windows password policies.
Cheers,
Chris
January 27, 2004 at 11:29 pm
Thanks for verifying it,.
Seems a bit of a loose end as far as security.
Don
January 28, 2004 at 4:01 am
Yeah, they really are pushing for you to use WIndows Authentication for optimal security.
January 28, 2004 at 8:14 am
Passwords will be case-sensitive if the server (or instance) is created with a case-sensitive collation.
--Jonathan
January 28, 2004 at 8:28 am
Doh! I didn't even think about that, because we never install case-sensitive servers anymore.
Thanks for the correction, Jonathan.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply