Re: Why use Win Authentication instead of SQL
From: Hal Berenson (hberenson_at_predictableit.com)
Date: 11/11/05
- Previous message: Otis Bricker: "Why use Win Authentication instead of SQL"
- In reply to: Otis Bricker: "Why use Win Authentication instead of SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Nov 2005 20:06:57 -0700
See Authentication in
http://msdn.microsoft.com/SQL/2000/learn/security/default.aspx?pull=/library/en-us/dnnetsec/html/secnetch12.asp#secnetch12_authentication
Note that with SQL Server 2005 the arguments become somewhat fewer since SQL
logins have been greatly enhanced (example, expiration dates, minimum
lengths, lockouts, etc.). But the two key items remain: You are still
embedding passwords in the connection string of your application code (or in
some other non-secure location) and you still transmit them over the
network. Add those to having single-system signon and Windows logins are
still compelling for most scenarios.
-- Hal Berenson, President PredictableIT, LLC www.predictableit.com "Otis Bricker" <obricker@my-dejanews.com> wrote in message news:Xns970AC280EEFE2obrickermydejanewsco@207.46.248.16... > Could anyone point me towards a document that itemizes the security > advantages of using Windows Authentication rather than SQL Server logins? > Preferably something from MS directly. > > I need some ammo to deal with a request that we stop using Windows in > favor > of logins. As if the ability to control and change passwords in one place > wasn't enough. > > Thanks. > > Otis B.
- Previous message: Otis Bricker: "Why use Win Authentication instead of SQL"
- In reply to: Otis Bricker: "Why use Win Authentication instead of SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
