Re: Windows Authentication security question

J
Your question is not really wierd - you should read some of them <g>

There seem a couple misnomers in your post.

There is no "Windows basic authentication"
I will assume that you intended to indicate use of SQL internal accounts.

You also say communication over the network is more secured when
using basic authN within SSL. This is probably not true, especially if
less than SSL 3.0 Windows integrated uses a challenge response
sequence that makes use of knowledge of the password hash, but the
sequence itself cannot be used to get the hash and it is also resistant
to replay usage. It is probably more secure than the other even with the
best level of SSL/TLS (but the "more" is arguable, i.e. if neither could be
cracked then which is "more" secure?)

If your question is about what authN to allow a SQL Server to use, there
really is little choice except to allow both, at least for most general use
SQL services, since you will run on situations that cannot be dovetailed
into using a Windows integrated model (like Sharepoint websites!!), etc.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"J" <IDontLikeSpam@xxxxxxxxxxx> wrote in message
news:ughXXsV7GHA.3384@xxxxxxxxxxxxxxxxxxxxxxx
Hello. Sorry if this is a novice or weird question but I was just
wondering if in general having a Windows integrated authentication to a
SQL Server database has more security than Windows basic authentication
wrapped with https/ssl? I know the data in communication over the network
is more secured with the basic authentication/ssl method but was wondering
more on a user name and password level since integrated sends a hash/token
I believe where as basic authentication wrapped with ssl is totally
encrypted.

Thanks in advance.

J



.

Relevant Pages

  • Re: Login Page
    ... Not sure what this has to do with SQL Server? ... You can mark a site, virtual directory, or folder as secured by Windows ... Authentication by turning off anonymous access. ... > I am looking for a way to make my website secure. ...
    (microsoft.public.sqlserver.server)
  • Re: Basic Authentication Not Working on Domain - Please Help
    ... names and passwords by logging into windows. ... In this instance basic authentication for my ... if I make the server a domain conrtroller or make ... webpages. ...
    (microsoft.public.inetserver.iis.security)
  • RE: IIs Basic authentication and a Windows XP client problems
    ... Are you trying to open a document when connecting to this folder? ... noticed that Windows XP was not sending the Basic authentication header, ... while Windows 2000 clients did. ... We though it might be our Webdav server not responding correctly to ...
    (microsoft.public.inetserver.iis.security)
  • Re: Jet vs. Sql Server Express
    ... > companies I work with require a secure paradigm--one that the IT ... I think you mean SQL Server Express Edition, not SQL Server Mobile Edition. ... Microsoft Windows XP Tablet PC Edition, ...
    (microsoft.public.dotnet.framework.adonet)
  • Trouble Publishing to IIS
    ... Authentication to Basic Authentication. ... try entering either a space or the local computer name as ... >When I attempt to publish to it from a local Windows ME ... >computer on the intranet running FrontPage 2002 client, ...
    (microsoft.public.inetserver.iis)
Loading