September 14, 2010 at 11:02 am
In my opinion, the sa account's password must be as complex as possible - and used as little as possible. For non-emergency work, the DBA's Windows login must be added to the SERVERADMIN role - almost as good as SYSADMIN, but not that good.
As a standard practice, all users and applications must use Integrated Security, i.e. Windows authentication.
SQL Server itself ships with some great roles - we should be making use of them based on the requirement; and if we can't, we should have a limited-permissions user role, and all the necessary users should be part of the role.
Thanks & Regards,
Nakul Vachhrajani.
http://nakulvachhrajani.com
Follow me on
Twitter: @sqltwins
September 14, 2010 at 11:12 am
steveb. (9/14/2010)
torpkev (9/14/2010)
My biggest annoyance with sa - quite outside of this discussion - is those people who use sa to connect to the database because they don't know any better - then they get a dba who gets to look at it 3 years later and finds it saved in clear text in a hundred different places.
Agree totally with this, the sa account does get abused and it is not uncommon to find it lurking around in .net config files in plain text.
Indeed, it's amazingly simple to find it lurking around in config files.
Just Google the following:
filetype:config +connectionString +"id=sa"
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho