
    Defaults surround us in SQL Server. This is both a good thing and a bad thing. Part of the SQL Server installation process is choosing whether to enable mixed mode security. Mixed mode in SQL Server means both SQL Authentication and Windows Authentication can be used. By default, SQL Server has Windows Authentication selected. Changing this default to mixed mode should be taken seriously.

    Mixed Mode vs. Windows Authentication

    When operating in Mixed Mode, both Windows Authentication and SQL Authentication can be used for connections to SQL Server. Sometimes the choice of one or the other is not up to us. Applications that are built to use SQL Authentication force mixed mode over Windows Authentication, which Microsoft recommends. Windows Authentication is deemed more secure because no password validation takes place at the SQL Server level; that is all handled by Windows and the principal token. With SQL Authentication, the passwords are validated and held on SQL Server.

    Why would I ever use SQL Authentication?

    Controlling security based on SQL Authentication isn’t a bad thing. Loss of the domain and failures to log in by means of Windows Authentication alone can be reasons to enable mixed mode. One tip to note when configuring mixed mode security: sa is a known system administrator account on SQL Server and is commonly targeted in malicious attacks. Leaving this account enabled is not recommended. To read more on enabling or disabling sa, see To SA or not to SA.

    I didn’t enable mixed mode and need it now

    Luckily, if mixed mode was not selected and the need for SQL Authentication arises, it is a configuration change that can be performed without a major effect on SQL Server.  Restarting SQL Server is not required for the change and the user activities are not directly impacted at the time the change is made.

    To change from Windows Authentication to Mixed Mode, open Server Properties in SSMS and go to the Security page. Change Server Authentication as needed.
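A read-only T-SQL audit to run before and after switching modes, added here as an example and not taken from the original article. It reports the current authentication mode, the state of the built-in sa login (SID 0x01, so it is found even if renamed), and every enabled SQL Authentication login with its policy settings. Column aliases are this example's own.

```sql
-- Added audit example (not from the original article). Read-only: changes nothing.
-- Requires a login allowed to read password hashes (e.g. sysadmin) for PWDCOMPARE.

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = Mixed Mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows Authentication only'
           WHEN 0 THEN 'Mixed Mode (SQL + Windows Authentication)'
       END AS authentication_mode;

-- 2. State of the built-in sa login. It always has SID 0x01, even after a rename.
SELECT name                  AS sa_login_name,
       is_disabled,
       is_policy_checked,      -- 1 = Windows password policy enforced
       is_expiration_checked,  -- 1 = password expiration enforced
       modify_date
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Every enabled SQL Authentication login, with the settings worth reviewing.
--    Useful for spotting logins an application created on its own.
SELECT l.name,
       l.create_date,
       l.is_policy_checked,
       l.is_expiration_checked,
       CASE WHEN PWDCOMPARE('', l.password_hash) = 1
            THEN 1 ELSE 0 END               AS has_blank_password,
       CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
            THEN 1 ELSE 0 END               AS password_equals_name,
       IS_SRVROLEMEMBER('sysadmin', l.name) AS is_sysadmin
FROM sys.sql_logins AS l
WHERE l.is_disabled = 0
  AND l.name NOT LIKE '##%'   -- skip internal certificate-based logins
ORDER BY is_sysadmin DESC, l.name;

-- To follow the sa advice above once nothing depends on the account:
-- ALTER LOGIN sa DISABLE;
```

On an instance running Windows Authentication only, query 3 still lists SQL logins that exist; they simply cannot connect until mixed mode is enabled, which makes this a useful check of what the change will expose.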

    Resources

    Change Server Authentication Mode

    Choosing an Authentication Mode

    Security Considerations SQL Server

    SQL Server 2005 (applicable for 2008) Best Practices

    About the Author

    Ted Krueger is a SQL Server MVP and has been working in development and database administration for 13+ years. Specialties range from High Availability and Disaster / Recovery setup and testing methods down to custom assembly development for SQL Server Reporting Services. Ted blogs and is also one of the founders of LessThanDot.com technology community. Some of the articles focused on are Backup / Recovery, Security, SSIS and working on SQL Server and using all of the SQL Server features available to create stable and scalable database services. @onpnt

    1 comment

    Comment from: David Forck (thirster42) [Member]
    the thing that really gets me are apps that require mixed mode, and then the app CREATES sql logins for users. BLAH!!!
    05/04/11 @ 09:45
