SQL server administrator and security

  • A problem of security:

    From a vb.net form I created the chance to add an SQL Server user with role as administrator.

    To create it, username and password are retrieved from two text boxes and then the login is created with:

    cmdSQL = "EXEC sp_addlogin '" & txtUser.text & "', '" & txtPwd.text & "'"

    then the cmdSQL is executed.

    Then:

    added to Administrator role as follows:

    cmdSQL = "EXEC sp_addsrvrolemember '" & txtUser.text & "', 'sysadmin'"

    then the cmdSQL is executed.

    Everything works well: user is created in the specified SQL Server and added to administrator role.

    My question is:

    Doing so...are there problems of security? Password could be read when sp_addlogin is executed....?

    An encryption method must be used?

    This is very important because the new user created has administrator privilege.

    Any help or suggestion may be helpful...

    Thanks

  • Doing so...are there problems of security?

    Uhm, well definitely. I would say that unless you are creating your own Enterprise Manager-ish admin client I would seriously question the need to create sysadmin-member logins from the client.

  • Because some stored procs have to open a connection with a linked server and because they run on servers that I do not manage (and I do not know where they are).....to have a trust relationship between 2 SQL servers the SAME login must be located on both servers, otherwise ...

    In this case with the client a user will be added on both servers.

    Thanks

  • I would still consider it a configuration issue, e.g. something that an admin sets up using Enterprise Manager or his tool of choice. And why do the logins need to be sysadmin?

    But to give some kind of answer to your initial question, yes, you should use a secure login and take other measures to be as secure as possible. The same of course goes if someone is using Enterprise Manager across the network to create logins.
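
An added example, not code from any poster in this thread: the same two procedure calls made through `SqlCommand` with named parameters instead of string concatenation, over a connection that uses Windows authentication and `Encrypt=True`. The server name and the `CreateLogin`/`ExecProc` helpers are assumptions for illustration; the server role is passed in by the caller.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module LoginProvisioning
    ' Assumed connection string. Windows authentication means no admin password
    ' is sent, and Encrypt=True protects the new login's password in transit.
    ' "SERVERNAME" is a placeholder.
    Private Const ConnStr As String =
        "Data Source=SERVERNAME;Initial Catalog=master;" &
        "Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=False"

    ' Hypothetical helper: runs one stored procedure with named parameters,
    ' so text box input is sent as data and never becomes part of the SQL text.
    Private Sub ExecProc(conn As SqlConnection, procName As String,
                         ParamArray args() As SqlParameter)
        Using cmd As New SqlCommand(procName, conn)
            cmd.CommandType = CommandType.StoredProcedure
            cmd.Parameters.AddRange(args)
            cmd.ExecuteNonQuery()
        End Using
    End Sub

    ' Hypothetical entry point, e.g. CreateLogin(txtUser.Text, txtPwd.Text, role).
    Public Sub CreateLogin(userName As String, password As String, serverRole As String)
        ' sysname columns hold at most 128 characters.
        If String.IsNullOrWhiteSpace(userName) OrElse userName.Length > 128 Then
            Throw New ArgumentException("Login name must be 1 to 128 characters.")
        End If
        If String.IsNullOrEmpty(password) Then
            Throw New ArgumentException("Password is required.")
        End If

        Using conn As New SqlConnection(ConnStr)
            conn.Open()
            ExecProc(conn, "sp_addlogin",
                New SqlParameter("@loginame", SqlDbType.NVarChar, 128) With {.Value = userName},
                New SqlParameter("@passwd", SqlDbType.NVarChar, 128) With {.Value = password})
            ExecProc(conn, "sp_addsrvrolemember",
                New SqlParameter("@loginame", SqlDbType.NVarChar, 128) With {.Value = userName},
                New SqlParameter("@rolename", SqlDbType.NVarChar, 128) With {.Value = serverRole})
        End Using
    End Sub
End Module
```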
