Re: Windows Authentication security question

Guess I have a little more research to do.

Thanks for your reply Roger. I totally appreciate it.

Take care,

J


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OifXsqY7GHA.2384@xxxxxxxxxxxxxxxxxxxxxxx
J
Your question is not really wierd - you should read some of them <g>

There seem a couple misnomers in your post.

There is no "Windows basic authentication"
I will assume that you intended to indicate use of SQL internal accounts.

You also say communication over the network is more secured when
using basic authN within SSL. This is probably not true, especially if
less than SSL 3.0 Windows integrated uses a challenge response
sequence that makes use of knowledge of the password hash, but the
sequence itself cannot be used to get the hash and it is also resistant
to replay usage. It is probably more secure than the other even with the
best level of SSL/TLS (but the "more" is arguable, i.e. if neither could
be
cracked then which is "more" secure?)

If your question is about what authN to allow a SQL Server to use, there
really is little choice except to allow both, at least for most general
use
SQL services, since you will run on situations that cannot be dovetailed
into using a Windows integrated model (like Sharepoint websites!!), etc.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"J" <IDontLikeSpam@xxxxxxxxxxx> wrote in message
news:ughXXsV7GHA.3384@xxxxxxxxxxxxxxxxxxxxxxx
Hello. Sorry if this is a novice or weird question but I was just
wondering if in general having a Windows integrated authentication to a
SQL Server database has more security than Windows basic authentication
wrapped with https/ssl? I know the data in communication over the
network is more secured with the basic authentication/ssl method but was
wondering more on a user name and password level since integrated sends a
hash/token I believe where as basic authentication wrapped with ssl is
totally encrypted.

Thanks in advance.

J





.

Relevant Pages

  • Re: Windows Authentication security question
    ... There is no "Windows basic authentication" ... It is probably more secure than the other even with the ... If your question is about what authN to allow a SQL Server to use, ... SQL Server database has more security than Windows basic authentication ...
    (microsoft.public.win2000.security)
  • I need some advice from the gurus out there
    ... I have a web application that is using basic authentication. ... requirement to ingest excel files in a standard format, ... excel into a sql server 2000 database if ... (still custom code, but less because we have no file transfer). ...
    (microsoft.public.office.developer.web.components)
  • Re: NTLM and RPC/HTTPS
    ... would I need to enable on SBS2003 to get NTLM to work by default? ... The reason there are no security issues using Basic Authentication (password ... to the SBS is itself encrypted: secure HTTP (HTTPS) over TCP port 443. ...
    (microsoft.public.windows.server.sbs)
  • DSN connection fails when Basic authentication turned on
    ... When I switch on Basic Authentication, ... that pull information from the SQL server fail to make the ... DSN connection with the following message:- ...
    (microsoft.public.inetserver.iis.security)
  • Re: OT. Problem logging into my router
    ... insecure manner." ... That's just Internet Explorer 7 being unnecessarily fussy. ... all my websites using the same 'Basic authentication' still ...
    (alt.radio.digital)
Quantcast