SA login | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

SA login

I was told that SA id is a very important id and shouldn’t be used at all. Why SA password is important? When do we need to us it? My server has a very simple guess able password (inheriting from previous DBA). Is it dangerous? CanadaDBA
Yes. I recommend using Windows Authentication only (if possible) – then sa becomes irrelevant. But if you must have mixed or standard authentication, it’s best to rename sa, remove it – or, at the very least, use a hard, secure password with a mixture of case, alphanumeric, etc.
Tom Pullen
DBA, Oxfam GB
Part of the reason for securing sa is accountability. If you want to know who made some change or is is logged on right now, knowing the answer is sa is not very helpfull. DBA’s should have their own id with sysadmin authority. ‘Sa’ can be used if there is some problem with the ids assigned to individuals otherwise it should not be used.
Is there a link to provide these information classified? CanadaDBA
You may find more information on this security part fromhttp://www.microsoft.com/security links. http://www.nextgenss.com/papers/cracking-sql-passwords.pdf article for new routines of password. HTH
Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
]]>