|
Home > Archive > MS SQL Server security > November 2005 > Passwords not case sensitive?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Passwords not case sensitive?
|
|
|
| I have a server that uses specific login/passwords. And through random
testing i noticed that the passwords are not case sensitive. Can this be
changed so that the passwords ARE case sensitive?
thanks,
Ben
| |
| Hari Prasad 2005-10-31, 1:23 pm |
| Hi,
For a Case insensitive sort order/carecter set it is not possible. If you
have a Case sensitive sortorder/char set then automatically
passwords will be case sensitive.
Thanks
Hari
SQL Server MVP
"Ben" <ben_1_ AT hotmail DOT com> wrote in message
news:0E632896-37E7-4EA0-8022- 5AC2D4230F84@microso
ft.com...
>I have a server that uses specific login/passwords. And through random
> testing i noticed that the passwords are not case sensitive. Can this be
> changed so that the passwords ARE case sensitive?
>
> thanks,
> Ben
| |
| Jasper Smith 2005-10-31, 8:23 pm |
| SQL Server 2000 maintains two versions of each login password. One is the
actual password supplied by the user, and the other is the password
converted by to all uppercase letters. This enables case-insensitive
validation of passwords (for case insensitive collations). Although this
behavior is convenient for many users, it makes password-guessing attacks
easier by reducing the number of possible passwords
In SQL 2005 only the actual password is stored. A password entered by a user
must match the password stored in the server (regardless of collation,
however the username can still be in a different case). If a password does
not match the password stored in SQL Server, the login fails. If the precise
case of the password characters is forgotten, the password must be reset.
--
HTH
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Ben" <ben_1_ AT hotmail DOT com> wrote in message
news:0E632896-37E7-4EA0-8022- 5AC2D4230F84@microso
ft.com...
>I have a server that uses specific login/passwords. And through random
> testing i noticed that the passwords are not case sensitive. Can this be
> changed so that the passwords ARE case sensitive?
>
> thanks,
> Ben
| |
| Andy Davis 2005-11-25, 3:23 am |
| Hi,
Actually it because of *Collation setting* look for your collation and
change it accordingly to case sensitive from case insensitive .
Regards
--
Andy Davis
Activecrypt Team
--------------------------------------------
SQL Server Encryption Software
http://www.activecrypt.com
"Ben" wrote:
> I have a server that uses specific login/passwords. And through random
> testing i noticed that the passwords are not case sensitive. Can this be
> changed so that the passwords ARE case sensitive?
>
> thanks,
> Ben
|
|
|
|
|