September 14, 2010 at 11:02 am
In my opinion, the sa account's password must be as complex as possible - and used as little as possible. For non-emergency work, the DBA's Windows login must be added to the SERVERADMIN role - almost as good as SYSADMIN, but not that good.
As a standard practice, all users and applications must use Integrated Security, i.e. Windows authentication.
SQL Server itself ships with some great roles - we should be making use of them based on the requirement; and if we can't, we should have a limited-permissions user role, and all the necessary users should be part of the role.
Thanks & Regards,
Nakul Vachhrajani.
http://nakulvachhrajani.com
Follow me on
Twitter: @sqltwins
September 14, 2010 at 11:12 am
steveb. (9/14/2010)
torpkev (9/14/2010)
My biggest annoyance with sa - quite outside of this discussion - is those people who use sa to connect to the database because they don't know any better - then they get a dba who gets to look at it 3 years later and find it saved in clear text in a hundred different places..
Agree totally with this, the sa account does get abused and it is not uncommon to find it lurking around in .NET config files in plain text.
Indeed, it's amazingly simple to find it lurking around in config files.
Just Google the following:
filetype:config +connectionString +"id=sa"
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
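A defender-side check for the problem described in the posts above, as an added example that is not part of the thread: it audits a .NET config file for connection strings that log in as sa, carry a plain-text password, or do not use Windows authentication. The sample config, server names and login names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Keyword synonyms that SqlClient accepts in a connection string.
USER_KEYS = {"user id", "uid", "user"}
PASSWORD_KEYS = {"password", "pwd"}
TRUSTED_KEYS = {"integrated security", "trusted_connection"}

# Constructed sample input (not taken from any real system).
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Legacy" connectionString="Data Source=db01;Initial Catalog=Sales;User ID=sa;Password=EXAMPLE-ONLY" />
    <add name="Reports" connectionString="Server=db01;Database=Sales;uid=report_reader;pwd=EXAMPLE-ONLY" />
    <add name="Modern" connectionString="Data Source=db01;Initial Catalog=Sales;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>"""

def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys.
    Simplification: quoted values that contain ';' are not handled."""
    pairs = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = val.strip().strip("'\"")
    return pairs

def audit_config(xml_text):
    """Return (entry name, issue) tuples for every <connectionStrings>/<add>."""
    findings = []
    for section in ET.fromstring(xml_text).iter("connectionStrings"):
        for add in section.findall("add"):
            name = add.get("name", "(unnamed)")
            pairs = parse_connection_string(add.get("connectionString", ""))
            user = next((pairs[k] for k in USER_KEYS if k in pairs), None)
            trusted = any(pairs.get(k, "").lower() in ("true", "yes", "sspi")
                          for k in TRUSTED_KEYS)
            if user is not None and user.lower() == "sa":
                findings.append((name, "connects as sa"))
            if any(k in pairs for k in PASSWORD_KEYS):
                findings.append((name, "password stored in plain text"))
            if not trusted:
                findings.append((name, "SQL login instead of Windows authentication"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_config(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

Run it over the config files in your own source tree and deployment shares; any entry it reports is a candidate for moving to Integrated Security or to a dedicated low-privilege login.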