August 31, 2007 at 4:35 am
Hi all, this may sound a bit of a silly question, but it comes from our Audit guys.
Is there a way to make the user passwords within Sql a bit more secure, by that I mean they have asked questions like.
Can the password be more than 8 Chars or more etc.
Can you enforce that it has to be Mixed Chars
Can you enforce it so that it must be changed on a regular basis, etc etc.
Can this be done
Cheers
August 31, 2007 at 5:00 am
You can't do anything like that with SQL authentication in SQL Server 2000. Your only options are to use Windows authentication or to upgrade to SQL Server 2005.
John
August 31, 2007 at 5:08 am
Hi John, that is what I thought but I had to ask as you guys are far more experienced than I.
Cheers
August 31, 2007 at 7:41 am
Agree with John. We came up with a hack to force changes in SQL2000, but we couldn't deal with complexity.
August 31, 2007 at 7:46 am
Thanks guys
November 29, 2007 at 9:46 am
SSC Rookie,
As for enforcing password changes on a timely basis, I haven't found anything for that. But as for Mix characters and length you can always update the sp_password and sp_addlogin. We have that a work. We check password length. Require special character usage, alphanumeric. It works fine for us. I know in 2005 you can use the policy edit. But I think that may become an issue to other accounts on the box not being used for SQL.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply