[dba-SQLServer] Back to the login thing

Haslett, Andrew andrew.haslett at ilc.gov.au
Mon Nov 22 23:07:27 CST 2004


Fair enough.

However, despite what you've read, I wouldn't say SQL Authentication is
*insecure* - well, it's definitely no worse than entering a username /
password on a website which I'm sure you do from time to time..  

You still need to get access *through firewall and NAT* to the network that
the server is on (which is currently your LAN) and *then* guess a username
and password for an account on SQL, which *then* must have the necessary
privileges to do any harm to the server.

And to be honest, if your LAN is compromised, odds are the administrator
account will be hacked anyway, giving the user access to the SQL server
whether you're using Windows or SQL authentication. 

Anyway, I'm assuming that whatever the final product, it's not going to
remain on your home LAN, is it?  What I'm getting at is that once it's
finished, an entirely new security model will need to be implemented on the
server that it will reside on, so it's pretty much irrelevant as to how
you're accessing the database from EM at the moment.

Even if it is to remain on your LAN it takes only the click of a button to
switch off SQL Authentication..

Considering the trouble it's caused you and the time lost trying to set up
Windows Auth, seems pretty pointless not to use SQL Authentication to get
the job done in the meantime...

-----Original Message-----
From: John W. Colby [mailto:jwcolby at colbyconsulting.com] 
Sent: Friday, 19 November 2004 12:56 AM
To: dba-sqlserver at databaseadvisors.com
Subject: RE: [dba-SQLServer] Back to the login thing

Andrew,

While I am the only user of this db ATM, in the near future the owners of
the database expect to be able to use it in some undetermined manner.  I do
not know yet the "how" of the access - it will probably be a mix of web
server, remote access and / or vb.net application.  In any event I have read
(and as you are well aware I am totally ignorant on this stuff) that using
windows authentication is more secure.  I am therefore making every effort
to get this set up from the get-go to do that so I don't have a "gaping
security hole" hanging out there forgotten.

John W. Colby
www.ColbyConsulting.com 

Contribute your unused CPU cycles to a good cause:
http://folding.stanford.edu/

-----Original Message-----
From: dba-sqlserver-bounces at databaseadvisors.com
[mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Haslett,
Andrew
Sent: Wednesday, November 17, 2004 11:11 PM
To: 'dba-sqlserver at databaseadvisors.com'
Subject: RE: [dba-SQLServer] Back to the login thing


As we've suggested multiple times, why are you using Windows Only
Authentication?

If this is just an internal system, then there's no need.  Just set up some
accounts using SQL Authentication on the other boxes and connect to it using
this username and password.  Presto. You're done. 

-----Original Message-----
From: John W. Colby [mailto:jwcolby at colbyconsulting.com]
Sent: Thursday, 18 November 2004 1:04 PM
To: dba-sqlserver at databaseadvisors.com
Subject: [dba-SQLServer] Back to the login thing

I really need to get query analyzer able to run on Neo2 SQL Server from all
of my workstations.  I have gone through the systems setting security on the
servers to Windows only / System Account.  EM is now able to see Neo2 Server
from all the workstations, and can in fact browse the tables, open the main
table and return records etc.  

QA however fails at the login with a consistent "Login failed for user
'Neo2\Guest'".  Msg 18456, level 16, state 1.  On Neo1, Neo2 and Soltek1 I am
logging in to Windows as Administrator with an identical password on each of
those three machines.  I can use QA on Neo2 but I cannot use QA on Neo1 or
Soltek1 against Neo2.

Can anyone help me figure this thing out?  I REALLY need to get all my
workstations banging queries against SQL Server on Neo2.

John W. Colby
www.ColbyConsulting.com 

Contribute your unused CPU cycles to a good cause:
http://folding.stanford.edu/


_______________________________________________
dba-SQLServer mailing list
dba-SQLServer at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** This email and any files
transmitted with it are confidential and may contain information protected
by law from disclosure. 
If you have received this message in error, please notify the sender
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this email,
are free from computer viruses or other defects. They are provided on the
basis the user assumes all responsibility for loss, damage or consequence
resulting directly or indirectly from their use, whether caused by the
negligence of the sender or not.
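
An added audit sketch for the points argued in this thread (it is not from any of the posters): it reports whether the instance accepts SQL Authentication at all, then lists each SQL login with its password-policy flags, sysadmin membership and two trivial-password checks. It assumes SQL Server 2005 or later, where the `sys.sql_logins` catalog view exists, and a caller with permission to read password hashes (for example a sysadmin).

```sql
-- Added example, not part of the original thread.
-- Assumption: SQL Server 2005+ (sys.sql_logins); run as a sysadmin.

-- 1. Is SQL Authentication enabled at all?
--    IsIntegratedSecurityOnly = 1 means Windows Authentication only.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows Authentication only'
           ELSE 'Mixed mode (SQL and Windows Authentication)'
       END AS auth_mode;

-- 2. If mixed mode is on, which SQL logins exist, how well are they
--    protected, and how much could each one do if its password were guessed?
SELECT l.name                                AS login_name,
       l.is_disabled,
       l.is_policy_checked,                  -- Windows password policy enforced?
       l.is_expiration_checked,              -- password expiry enforced?
       IS_SRVROLEMEMBER('sysadmin', l.name)  AS is_sysadmin,
       CASE WHEN PWDCOMPARE('', l.password_hash) = 1
            THEN 1 ELSE 0 END                AS has_blank_password,
       CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
            THEN 1 ELSE 0 END                AS password_equals_name
FROM sys.sql_logins AS l
ORDER BY is_sysadmin DESC, l.name;
```

Rows that are enabled, hold sysadmin and have either trivial-password flag set are the ones to fix first; on a Windows-only instance the second result set still shows dormant SQL logins that would become usable if mixed mode were switched back on.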