SQL 2000 SP3 is live!

  • SQL Server 2000 SP3 is now live and out of beta. You can download it here:

    http://www.microsoft.com/sql/downloads/2000/sp3.asp

    Be sure to read the readme carefully. There are some significant security changes and you'll be prompted for one of them when you install (cross database ownership chaining). You'll also want to grab the updated Books Online.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • There is supposed to be an update BOL included with some additonal changes as well. I haven't had a chance to check but that was listed to be coming. Can anyone confirm please?

  • Yes, the Books Online has been updated. The link is available from the SP 3 main page.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • So far so good. Installed SP3 on a dev and tst box. Can't say I am thrilled about the change to sp_change_users_login--requirement for @password. It is good thing closing potential security holes, though!

  • quote:


    Can't say I am thrilled about the change to sp_change_users_login--requirement for @password. It is good thing closing potential security holes, though!


    If the login already exists the password was not necessary on my test machine.

    So, there are only advantages.

    Joachim.

  • If you have a large environment like ours you spend a lot of time moving databases between servers. The target box, for a new project, seldom has the need SQL account. You can now creat it all in one step with sp_change_users_login 'auto_fix','exampleDB',@password='PWD12!4DM'. So yes this is a good thing, but it did require a change to the way we do things and it is not backward compatible for SP2 boxes.

  • The @password option was added for the case where the DBA runs sp_change_users_login with @action = Auto_Fix. The idea is to prevent new logins from being created that have blank passwords.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • Yes, but why not just check for null passwords or prohibit the creation of a new account with a null password? The way it was written broke our existing scripts. Such is one of the many problems caused by retro-fitting trustworthy computing into an existing technology. I like the goal, just wish they had started the journey earlier...

  • quote:


    prohibit the creation of a new account with a null password


    Well, this is what they are doing. If the stored procedure finds a matching login, the password field is ignored. It's only used for creating new accounts. Since the auto_fix action will creating a login if it can't match one up, it's the only safe way to do it. If the action is update_one, the password parameter isn't required.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • Thanks for pointing out the nuance between auto_fix and update_one! I was using auto_fix with parameters that in effect worked like update_one. By changing to update_one our scripts work again.

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply