Re: Change Password

From: Sue Hoegemeier <Sue_H@xxxxxxxxxxxxx>
Date: Thu, 27 Apr 2006 14:47:29 -0600

No...not a safe practice. Users can change their own
passwords without needing to implement any security changes.
Check books online and look up sp_password.
By default, public has execute permissions on this system
stored procedure. Logins that aren't members of sysadmins or
securityadmins can only change their own passwords. That is
what you would want.

-Sue

On Thu, 27 Apr 2006 11:07:53 -0700, "J"
<IDontLikeSpam@xxxxxxxxxxx> wrote:

I created a SQL login name which I'm specifically intending to use as the
login id that can allow a user to change their own password. I currently
have this login id permission checked off as 'Security Administrators' in
the Server Roles tab but I noticed by checking this off it gives all of the
other security permissions listed. Is there a way to only allow this
specific login id to change passwords but not any other security permission?
Can anyone advise if this is a safe practice or should I be doing a
different approach in letting users change their own passwords?

Follow-Ups:
- Re: Change Password
  - From: J

References:
- Change Password
  - From: J

Prev by Date: Re: Re-configure UDP Port
Next by Date: Permissions on sp_OASetProperty
Previous by thread: Change Password
Next by thread: Re: Change Password
Index(es):
- Date
- Thread

Relevant Pages

Re: three questions
... (root by default) ... The Security check is a separate "letter" to you. ... the login failures sectoin means that you ... mistyped passwords or in some other way attempted to login improperly. ...
(freebsd-questions)
Re: Security controls in a web application
... I do not recall ever seeing a checklist of security procedures but I can tell you that one way that works well is to think like an attacker. ... -> Can I try to login using the same ip without getting banned etc... ... 3.What are default usernames and passwords -> Is it the users first name and the fist letter of his last AKA jamesm or the opposite? ... I'm afraid that my web app is lacking of many security controls. ...
(microsoft.public.security)
RE: passwords in asp pages
... and using integrated security for connecting to the database- this will ... remove cleartext passwords from the files. ... grab the raw asp source from the server. ... to facilitate one-on-one interaction with one of our expert instructors. ...
(Security-Basics)
Re: Oh Dear, Where to start?!
... > sort of security solution? ... > use, passwords, physical security, backup/disaster ... > admin, network admin, tech support, programming, and ... Theres lots of software out there for backups. ...
(Security-Basics)
Re: Change Password
... passwords without needing to implement any security changes. ... public has execute permissions on this system ... login id that can allow a user to change their own password. ...
(microsoft.public.sqlserver.security)