Windows/SQL Authentication...
in [Server Configuration]
|
Prev: Low performance on SQL Server 2008 Std 64 bit
Next: Upgrade Old DB Structure to New DB while keeping all data intact
From: James Hunter Ross on 12 Nov 2009 17:50 Friends, I always read that "Windows Authentication" security is much more secure than "SQL Server Authentication" security. (Although I don't quite understand why, exactly.) I also seem to remember reading that SQL Server Authentication might be "deprecated" at one point and eventually go away. (Although I can't say I remember when.) Is there any buzz about SQL Server Authentication EVER going away? How could it; don't too many folks rely on it? I'm just curious since we are doing some research on "future proofing" our products. Thanks for any thoughts! James
From: Tibor Karaszi on 13 Nov 2009 07:21
Hi James, I believe that MS at one point in time had the idea to eventually get rid of SQL logins. But later realized that this won't happen, so they instead added functionality to SQL logins in 2005 (pwd policies etc). For Win logins, the pwd isn't transmitted over the wire. For SQL logins, it is (encrypted by a self sign certificate if I understand things). That might possibly be one side of "win logins are more secure". But I also have a feeling that this notion also dates back a bit (for instance before we had pwd policies, not to mention those times when default pwd for sa were NULL). -- Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://sqlblog.com/blogs/tibor_karaszi "James Hunter Ross" <james.ross(a)oneilsoft.com> wrote in message news:u1mDHq#YKHA.4932(a)TK2MSFTNGP02.phx.gbl... > Friends, > > I always read that "Windows Authentication" security is much more secure > than "SQL Server Authentication" security. (Although I don't quite > understand why, exactly.) I also seem to remember reading that SQL Server > Authentication might be "deprecated" at one point and eventually go away. > (Although I can't say I remember when.) > > Is there any buzz about SQL Server Authentication EVER going away? How > could it; don't too many folks rely on it? > > I'm just curious since we are doing some research on "future proofing" our > products. Thanks for any thoughts! > > James > > |