SA user with NULL password . IMPACT | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

SA user with NULL password . IMPACT

HI can anyone tell me whts the issues in leavin SA user password as blank . IF possible try to explain each . thank you.
i think there will not be any major issues leaving sa login with blank password.
Only the thing is u will keep ur database at risk as any anonymous user with sa login can access the database and can delete objects.
Even microsoft recommends Windows NT login or sa with some password.
refer to this link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/comsrv2k/htm/cs_dp_deploy_fkoj.asp
… in the generic terms… it is like welcoming the trouble to trouble the server. Since Sp3a of SQL server, MS is not allowing to leave the SA password as blank. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
There are a number of viruses that target SQL Server with blank or weak password on ‘sa’. Never use a blank password.
You are inviting for trouble.
http://www.sql-server-performance.com/vk_sql_security.asp says
Prefer Windows authentication to mixed mode. If mixed mode authentication is inevitable, for backward compatibility reasons, make sure you have complex passwords for sa and all other SQL Server logins. It is recommended to have mixed case passwords with a few numbers and/or special characters, to counter the dictionary-based password guessing tools and user identity spoofing by hackers
quote:Originally posted by gkrishn HI can anyone tell me whts the issues in leavin SA user password as blank . IF possible try to explain each . thank you.
]]>