Re: Change Password

No problem...thanks for posting back.

-Sue

On Thu, 27 Apr 2006 16:31:46 -0700, "J"
<IDontLikeSpam@xxxxxxxxxxx> wrote:

Actually I just found out that I just needed to remove the last parameter of
supplying the login id and it worked fine.

Thanks again :-)

J


"J" <IDontLikeSpam@xxxxxxxxxxx> wrote in message
news:eMPVF0kaGHA.3532@xxxxxxxxxxxxxxxxxxxxxxx
Thanks a bunch for your reply Sue. I really appreciate it.

When you mean the Public role are you referring to the Public role in my
user defined database or the master database? I tried to execute
sp_password from my .asp page to change my own password being logged in as
a regular database user and am getting the following error message:

'Only members of the sysadmin role can use the loginame option. The
password was not changed.'

Thanks Sue.

J


"Sue Hoegemeier" <Sue_H@xxxxxxxxxxxxx> wrote in message
news:g8b2529vut87cmv4491mgimg07lfnr6ve4@xxxxxxxxxx
No...not a safe practice. Users can change their own
passwords without needing to implement any security changes.
Check books online and look up sp_password.
By default, public has execute permissions on this system
stored procedure. Logins that aren't members of sysadmins or
securityadmins can only change their own passwords. That is
what you would want.

-Sue

On Thu, 27 Apr 2006 11:07:53 -0700, "J"
<IDontLikeSpam@xxxxxxxxxxx> wrote:

I created a SQL login name which I'm specifically intending to use as the
login id that can allow a user to change their own password. I currently
have this login id permission checked off as 'Security Administrators' in
the Server Roles tab but I noticed by checking this off it gives all of
the
other security permissions listed. Is there a way to only allow this
specific login id to change passwords but not any other security
permission?
Can anyone advise if this is a safe practice or should I be doing a
different approach in letting users change their own passwords?






.

Relevant Pages

  • Re: three questions
    ... (root by default) ... The Security check is a separate "letter" to you. ... the login failures sectoin means that you ... mistyped passwords or in some other way attempted to login improperly. ...
    (freebsd-questions)
  • Re: Security controls in a web application
    ... I do not recall ever seeing a checklist of security procedures but I can tell you that one way that works well is to think like an attacker. ... -> Can I try to login using the same ip without getting banned etc... ... 3.What are default usernames and passwords -> Is it the users first name and the fist letter of his last AKA jamesm or the opposite? ... I'm afraid that my web app is lacking of many security controls. ...
    (microsoft.public.security)
  • Re: Change Password
    ... passwords without needing to implement any security changes. ... public has execute permissions on this system ... login id that can allow a user to change their own password. ...
    (microsoft.public.sqlserver.security)
  • Re: Change Password
    ... When you mean the Public role are you referring to the Public role in my ... passwords without needing to implement any security changes. ... login id that can allow a user to change their own password. ...
    (microsoft.public.sqlserver.security)
  • Re: questions on setting up a mail server
    ... standard method built in to the protocol) require Cyrus SASL. ... use your existing user passwords. ... passwords held in plain text - the sasldb. ... PLAIN is the preferred protocol according to the docs and RFCs - LOGIN is ...
    (freebsd-questions)