From: Igor Solodovnikov on 24 Jan 2006 11:52

It takes a few minutes, not seconds, for the SQL Server installer to check that password. So I think this is not a good practice to check the password this way. Imagine a user entering a password, clicking OK and receiving the error "password is not strong enough" in 3 minutes ...

On Tue, 24 Jan 2006 18:06:01 +0200, Ryan <Ryan_Waight(a)nospam.hotmail.com> wrote:

> How about encompassing the whole thing in a TRY..CATCH block...
>
> ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/tsqlref9/html/248df62a-7334-4bca-8262-235a28f4b07f.htm
>
> You'll need to check the severity of the error returned when a password
> doesn't meet the rules as there are certain severities that are
> unaffected by TRY..CATCH

From: Ryan on 24 Jan 2006 11:51

I missed the fact this was during install, I assumed you were doing an

    ALTER LOGIN sa WITH PASSWORD = '3dsadsadsad7';

--
HTH. Ryan

"Igor Solodovnikov" <IgorSolodovnikov(a)discussions.microsoft.com> wrote in message news:op.s3v6h8iin8ihmu(a)iw2k.helpmicro.local...

> It takes a few minutes, not seconds, for the SQL Server installer to check that
> password. So I think this is not a good practice to check the password this
> way. Imagine a user entering a password, clicking OK and receiving the error
> "password is not strong enough" in 3 minutes ...
>
> On Tue, 24 Jan 2006 18:06:01 +0200, Ryan <Ryan_Waight(a)nospam.hotmail.com>
> wrote:
>
>> How about encompassing the whole thing in a TRY..CATCH block...
>>
>> ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/tsqlref9/html/248df62a-7334-4bca-8262-235a28f4b07f.htm
>>
>> You'll need to check the severity of the error returned when a password
>> doesn't meet the rules as there are certain severities that are
>> unaffected by TRY..CATCH

From: David Gugick on 24 Jan 2006 23:41

Igor Solodovnikov wrote:

> It takes a few minutes, not seconds, for the SQL Server installer to check
> that password. So I think this is not a good practice to check the
> password this way. Imagine a user entering a password, clicking OK and
> receiving the error "password is not strong enough" in 3 minutes ...
>
> <SNIP>

From BOL:

Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines.

a.. The password does not contain all or "part" of the user's account name. Part of an account name is defined as three or more consecutive alpha-numeric characters delimited on both ends by "white space" (space, tab, return, etc.) or any of the following characters: , . - _ #
b.. The password is at least six characters long.
c.. The password contains characters from three of the following four categories:
    a.. English uppercase letters (A - Z)
    b.. English lowercase letters (a - z)
    c.. Base 10 digits (0 - 9)
    d.. Non-alphanumeric (For example: !, $, #, or %)

--
David Gugick
Quest Software
www.quest.com

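Added example (not part of the thread and not code from BOL): a pre-install check in Python that applies the three rules quoted from BOL above, so a setup program can reject a candidate password before handing it to the installer. The function names are hypothetical, and the case-insensitive name comparison is an assumption the quoted text does not state.

```python
import re
import string

# Delimiters from the quoted BOL text: white space or , . - _ #
_DELIMS = re.compile(r"[\s,.\-_#]+")
_ALNUM = string.ascii_letters + string.digits


def account_name_parts(account):
    """Delimited runs of three or more alphanumeric characters."""
    return [t for t in _DELIMS.split(account) if len(t) >= 3 and t.isalnum()]


def policy_violations(password, account):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    pw, name = password.lower(), account.lower()  # assumption: case-insensitive

    # Rule a: no whole account name and no "part" of it inside the password.
    # The whole-name test is applied even to short names such as "sa"; being
    # stricter than the server is harmless for a pre-check.
    if name and name in pw:
        problems.append("contains the account name")
    else:
        for part in account_name_parts(name):
            if part in pw:
                problems.append("contains part of the account name: " + part)

    # Rule b: at least six characters.
    if len(password) < 6:
        problems.append("shorter than six characters")

    # Rule c: characters from three of the four categories.
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c not in _ALNUM for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than three character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "okok" is the password mentioned in the thread.
    for candidate in ("okok", "Tr1cky#Horse"):
        print(candidate, policy_violations(candidate, "sa"))
```
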
From: Igor Solodovnikov on 25 Jan 2006 05:04

On Wed, 25 Jan 2006 06:41:23 +0200, David Gugick <david.gugick-nospam(a)quest.com> wrote:

> b.. The password is at least six characters long.

But I successfully set the password okok on the sa account... So SQL Server uses another set of rules.

From: Daniel Crichton on 25 Jan 2006 07:18

Igor wrote on Tue, 24 Jan 2006 17:27:29 +0200:

> SQL Server 2005 rejects empty or very short sa passwords. Where can I read
> a formal definition of the sa password rules? I am writing a setup application which
> will install SQL Server Express in command line unattended mode. So I need
> to check the sa password for its strength prior to passing it to SQL
> Server's installer.

It only does this if you have enabled Password Complexity Policy. During install on my test server I had no trouble using the password sa for the sa account, as you have to explicitly enable the policy using ALTER LOGIN for each login.

Dan