How can Windows authentication be safer than SQL authentication



Hello!

This question assumes we use SQL Server 2005 or SQL Server 2008.
All claim that using Windows authentication to access a SQL Server database 
is safer than using SQL authentication.
For me I would say that using SQL authentication would be safer because of 
the text below.
I mean that to access a SQL Server database it's enough to have a valid 
Windows account on that server.

Assume we want to use SQL Server and we install it on server X. Then if we 
want to use Windows authentication
we must have a valid Windows account on that server, but if we choose to use 
SQL authentication we must create an
account/password in the SQL Server database.

Can somebody tell me the reason why using Windows authentication is safer 
than using SQL authentication?

How can you prevent a person from accessing SQL Server using Windows 
authentication when that person also has a Windows account on the same server where SQL 
Server is installed?

//Tony 


Reply Tony 11/23/2009 11:03:21 AM

Hi Tony,

Not all valid Windows users on the server get access to the SQL Server. Only 
users belonging to certain Windows groups which have access to SQL Server 
are allowed to log in to SQL Server.

Regards, Balaji

Reply Balaji 11/23/2009 11:48:18 AM


Tony,
If that account is a member of the Administrators role on the machine that SQL 
Server runs on, then you CANNOT.

The principle: depending upon the data access needs of your domain users, group 
them into different global groups in the domain, then consolidate these 
global groups from all the trusted domains into the Windows Server local 
groups on your SQL Server computer, then grant access to log in to SQL 
Server.

I am sure you are aware of the above.

Also, there is another argument for using WA rather than Mixed:
http://dimantdatabasesolutions.blogspot.com/2007/04/sql-or-windows-authentication.html


Reply Uri 11/23/2009 12:40:24 PM

Tony Johansson (johansson.andersson@telia.com) writes:
> This question assumes we use SQL Server 2005 or SQL Server 2008.
> All claim that using Windows authentication to access a SQL Server database 
> is safer than using SQL authentication.
> For me I would say that using SQL authentication would be safer because of 
> the text below.
> I mean that to access a SQL Server database it's enough to have a valid 
> Windows account on that server.
> 
> Assume we want to use SQL Server and we install it on server X. Then if
> we want to use Windows authentication we must have a valid Windows account
> on that server, but if we choose to use SQL authentication we must create
> an account/password in the SQL Server database. 
> 
> Can somebody tell me the reason why using Windows authentication is safer 
> than using SQL authentication?

Windows authentication is considered safer, because Windows is better 
protected against brute-force attacks and it is more difficult to sniff
a password with a line-listener.

Although, starting with SQL 2005 on Win2003 and later, you can have the
same protection as in Windows against brute-force attacks, and you can 
also apply Windows policy to passwords.

To log in to SQL Server with SQL authentication, all you need is a 
username and a password and TCP/IP access. To log in to SQL Server with
Windows authentication, you first need to log into Windows.
 
> How can you prevent a person from accessing SQL Server using Windows 
> authentication when that person also has a Windows account on the same server where
> SQL Server is installed?
 
Simple. You don't grant that person or any group he is a member of access to
SQL Server.

If the person has administrator rights on the machine, you should drop
the login BUILTIN\Administrators. (But before this, ensure that some other
Windows user has sysadmin rights in SQL Server, or else you may be in 
trouble.)


-- 
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
Reply Erland 11/23/2009 1:18:28 PM
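
Added example, not part of the original thread: a T-SQL script for SQL Server 2005/2008 that checks which Windows accounts actually have a login, and drops BUILTIN\Administrators only after a replacement sysadmin is confirmed, as the last reply advises. The names CONTOSO\SqlAdmins and CONTOSO\tony are placeholders chosen for illustration.

```sql
-- Placeholder names (assumptions): CONTOSO\SqlAdmins is a Windows group of DBAs,
-- CONTOSO\tony is an ordinary Windows user who can log on to the server machine.

-- 1. Is the instance Windows-authentication-only (1) or mixed mode (0)?
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Which Windows users and groups have been granted a login at all?
--    A Windows account that matches none of these cannot connect.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE type IN ('U', 'G')          -- U = Windows user, G = Windows group
ORDER BY name;

-- 3. Through which login or group would one particular account get in?
--    The "permission path" column of the result names the granting group.
EXEC xp_logininfo @acctname = N'CONTOSO\tony', @option = 'all';

-- 4. Give a dedicated admin group sysadmin before touching BUILTIN\Administrators.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\SqlAdmins')
    CREATE LOGIN [CONTOSO\SqlAdmins] FROM WINDOWS;
EXEC sp_addsrvrolemember @loginame = N'CONTOSO\SqlAdmins', @rolename = N'sysadmin';

-- 5. Drop BUILTIN\Administrators only if the replacement sysadmin is in place.
IF NOT EXISTS (
        SELECT 1
        FROM sys.server_role_members AS rm
        JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
        JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
        WHERE r.name = N'sysadmin'
          AND m.name = N'CONTOSO\SqlAdmins'
          AND m.is_disabled = 0)
    RAISERROR(N'No replacement sysadmin login; BUILTIN\Administrators kept.', 16, 1);
ELSE IF EXISTS (SELECT 1 FROM sys.server_principals
                WHERE name = N'BUILTIN\Administrators')
    DROP LOGIN [BUILTIN\Administrators];

-- 6. SQL logins that do not enforce the Windows password policy or expiration.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;
```

Before running step 5, confirm that a member of the replacement group can connect and is sysadmin from their own session.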
