SQL Server Performance

SQL Server Vs Windows Authentication

Discussion in 'Performance Tuning for DBAs' started by gaurav_bindlish, Apr 9, 2003.

  1. gaurav_bindlish New Member

    Which is the better performing mode of authentication - Windows or SQL Server. Consider the case wherein both modes of security can be applied to a system. Which is a high performance solution?

  2. FrankKalis Moderator

    well, ... I haven't done scientific calculations on this, but I have tried both method and didn't noticed any significant performance difference (if at all?). I think the authentication method is more security related, but I'm willing to learn. <br />As we use "my" SQL Server only for internal access, NT authentication works best for me. So the users do not have to care about their passwords. That means they can not forget SQL Server password and call me for help [<img src='/community/emoticons/emotion-5.gif' alt=';)' />] With external use (web access?) I can't tell for sure but I would prefer SQL authentication. <br /><br />HTH<br /><br />Cheers,<br /><br />Frank
  3. satya Moderator

    On an Enterprise network I believe Windows Authentication is powerful than mixed mode. Being you can control from OS level for the groups/roles for SQL Server.

    As Frank referred I don't think there are any benchmarks available for both the modes. Rather books online explains the usage and process for these modes.

    Satya SKJ
  4. Stef New Member

    It's worth mentioning that the password security of SQL Server Authenication is pretty poor (search BugTraq <a href='http://www.securityfocus.com/search' target='_blank' title='http://www.securityfocus.com/search'<a target="_blank" href=http://www.securityfocus.com/search>http://www.securityfocus.com/search</a></a>); Microsoft recommends Windows Authentication as the secure solution. And like Satya And Frank both say, it's a lot easier and more flexible to administer anyway, so go for it [<img src='/community/emoticons/emotion-1.gif' alt=':)' />]
  5. FrankKalis Moderator

    There are a lot of White papers regarding SQL injection and cracking SQL server passwords out there (Bugtraq is an excellent source), but if you read these papers and adhere the recommendations (database AND application development!) that are made, I think SQL Server is fairly secure (at least not so easy to hack).


  6. Argyle New Member

    There is no performance difference as far as I know unless you have a really slow domain controller. Both methods can make use of connection pooling. The only "problem" that I can see is if you implement say an intranet site where every single user uses their own domain account to login with and their individual accounts have different access in the database (in other words their windows accounts are added to the sql server). This means that every user will create their own connection pool since the connection strings will be different for each user. If the user doesn't visit often their last connection will most likely no longer be in a pool when they come back and they will initate a "handshake" with sql server again.

    If you on the other hand use individual windows accounts to only check web access, and you control user security in sql via some sql role tables, and the website is configured to connect to the sql server with a single windows account then you get a single connection pool. This should be as fast as a standard sql login.

  7. gaurav_bindlish New Member

    Thanks all for the info... Argyle's argument on connection pooling was excellent.


Share This Page