Re: Passwords not case sensitive?
From: Jasper Smith (jasper_smith9_at_hotmail.com)
Date: Mon, 31 Oct 2005 21:41:15 -0000
SQL Server 2000 maintains two versions of each login password. One is the
actual password supplied by the user, and the other is the password
converted by to all uppercase letters. This enables case-insensitive
validation of passwords (for case insensitive collations). Although this
behavior is convenient for many users, it makes password-guessing attacks
easier by reducing the number of possible passwords
In SQL 2005 only the actual password is stored. A password entered by a user
must match the password stored in the server (regardless of collation,
however the username can still be in a different case). If a password does
not match the password stored in SQL Server, the login fails. If the precise
case of the password characters is forgotten, the password must be reset.
-- HTH Jasper Smith (SQL Server MVP) http://www.sqldbatips.com I support PASS - the definitive, global community for SQL Server professionals - http://www.sqlpass.org "Ben" <ben_1_ AT hotmail DOT com> wrote in message news:0E632896-37E7-4EA0-8022-5AC2D4230F84@microsoft.com... >I have a server that uses specific login/passwords. And through random > testing i noticed that the passwords are not case sensitive. Can this be > changed so that the passwords ARE case sensitive? > > thanks, > Ben