
 

Author Why use Win Authentication instead of SQL
Otis Bricker

2005-11-10, 8:23 pm

Could anyone point me towards a document that itemizes the security
advantages of using Windows Authentication rather than SQL Server logins?
Preferably something from MS directly.

I need some ammo to deal with a request that we stop using Windows in favor
of logins. As if the ability to control and change passwords in one place
wasn't enough.

Thanks.

Otis B.
Hal Berenson

2005-11-11, 3:23 am

See Authentication in
http://msdn.microsoft.com/SQL/2000/...ntication

Note that with SQL Server 2005 the arguments become somewhat fewer since SQL
logins have been greatly enhanced (example, expiration dates, minimum
lengths, lockouts, etc.). But the two key items remain: You are still
embedding passwords in the connection string of your application code (or in
some other non-secure location) and you still transmit them over the
network. Add those to having single-system signon and Windows logins are
still compelling for most scenarios.

--
Hal Berenson, President
PredictableIT, LLC
www.predictableit.com



"Otis Bricker" <obricker@my-dejanews.com> wrote in message
news:Xns970AC280EEFE2obrickermydejanewsco@207.46.248.16...
> Could anyone point me towards a document that itemizes the security
> advantages of using Windows Authentication rather than SQL Server logins?
> Preferably something from MS directly.
>
> I need some ammo to deal with a request that we stop using Windows in
> favor
> of logins. As if the ability to control and change passwords in one place
> wasn't enough.
>
> Thanks.
>
> Otis B.
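
The two items named in the reply above (a password embedded in the connection string, and a SQL login instead of Windows Authentication) can be checked for in configuration files. The following is an added example, not code from the thread or from Microsoft; the sample config, server and login names are constructed, and the simple parser assumes values contain no quoted semicolons.

```python
import re

# Keyword synonyms accepted in SQL Server client connection strings.
PASSWORD_KEYS = {"password", "pwd"}
USER_KEYS = {"user id", "uid", "user"}
TRUSTED_KEYS = {"integrated security", "trusted_connection"}
TRUE_VALUES = {"true", "yes", "sspi"}


def parse_conn_string(conn):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in conn.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip().strip("'\"")
    return pairs


def audit(conn):
    """Return a list of findings for one connection string."""
    kv = parse_conn_string(conn)
    findings = []
    trusted = any(kv.get(k, "").lower() in TRUE_VALUES for k in TRUSTED_KEYS)
    has_password = any(kv.get(k) for k in PASSWORD_KEYS)
    if has_password:
        findings.append("embedded-password")  # secret stored with the app
    if not trusted and (has_password or any(k in kv for k in USER_KEYS)):
        findings.append("sql-login")  # SQL Server login, not Windows auth
        if kv.get("encrypt", "").lower() not in {"true", "yes"}:
            findings.append("encrypt-not-requested")  # no encrypted channel asked for
    return findings


def scan_text(text):
    """Audit every connectionString="..." attribute found in config text."""
    hits = re.findall(r'connectionString\s*=\s*"([^"]*)"', text, re.IGNORECASE)
    results = [(cs, audit(cs)) for cs in hits]
    return [r for r in results if r[1]]


# Constructed sample, not taken from the thread.
SAMPLE_CONFIG = '''
<add name="Orders" connectionString="Server=db01;Database=Orders;User ID=app;Password=EXAMPLE-ONLY" />
<add name="Hr" connectionString="Server=db01;Database=HR;Integrated Security=SSPI" />
'''

if __name__ == "__main__":
    for cs, findings in scan_text(SAMPLE_CONFIG):
        print(findings, "<-", re.sub(r"(?i)(password|pwd)=[^;]*", r"\1=***", cs))
```
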



Andy Davis

2005-11-18, 3:23 am

Hi,
I would suggest reading:
http://vyaskn.tripod.com/sql_serve...t_practices.htm
--
Andy Davis
Active Crypt Team
--------------------------------------------
SQL Server Encryption Decryption Software
http://www.activecrypt.com



"Hal Berenson" wrote:

> See Authentication in
> http://msdn.microsoft.com/SQL/2000/...ntication
>
> Note that with SQL Server 2005 the arguments become somewhat fewer since SQL
> logins have been greatly enhanced (example, expiration dates, minimum
> lengths, lockouts, etc.). But the two key items remain: You are still
> embedding passwords in the connection string of your application code (or in
> some other non-secure location) and you still transmit them over the
> network. Add those to having single-system signon and Windows logins are
> still compelling for most scenarios.
>
> --
> Hal Berenson, President
> PredictableIT, LLC
> www.predictableit.com
>
>
>
> "Otis Bricker" <obricker@my-dejanews.com> wrote in message
> news:Xns970AC280EEFE2obrickermydejanewsco@207.46.248.16...
>
>
>


Copyright 2009 droptable.com