Author |
Topic |
tbrothers
Yak Posting Veteran
83 Posts |
Posted - 2012-08-28 : 14:50:50
|
We just went through an external audit with Ernst and Young and they stated it is best practice to use Active Directory logins vs. SQL logins. Is that true and if so ... why?

Thanks,
Terry |
|
chadmat
The Chadinator
1974 Posts |
Posted - 2012-08-28 : 14:54:44
|
Yes, it is true, because AD Logins are typically more secure. I find that in most cases it is impractical though because most applications require SQL Logins.

-Chad |
|
|
komkrit
Yak Posting Veteran
60 Posts |
Posted - 2012-08-28 : 16:04:25
|
With SQL logins, you usually hard-code the login/password into the app's configuration somewhere, such as web.config or a connection string. If someone knows this path and directly accesses it, the database is not secured.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Komkrit Yensirikul
Welcome for all questions. Let us know if our solution solved your problem. |
|
|
komkrit
Yak Posting Veteran
60 Posts |
Posted - 2012-08-28 : 16:08:11
|
Some viruses/trojans have the ability to detect web.config and connection strings and automatically gather this information, because it's just plain text.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Komkrit Yensirikul
Welcome for all questions. Let us know if our solution solved your problem. |
|
|
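The point made in the two posts above, that a SQL login ends up as plain text in web.config while a Windows (AD) login stores no secret, can be checked mechanically. The following is an added example, not code from anyone in this thread: it labels each entry in a `<connectionStrings>` section by how it authenticates. The sample file, the finding labels and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config; server, database and account names are made up.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Server=db01;Database=Orders;User ID=app_user;Password=ExamplePassw0rd" />
    <add name="Reports" connectionString="Data Source=db01;Initial Catalog=Reports;Integrated Security=SSPI" />
    <add name="Legacy" connectionString="Server=db02;Database=Old;Trusted_Connection=no;uid=legacy_app;pwd='a;b'" />
  </connectionStrings>
</configuration>"""

PASSWORD_KEYS = {"password", "pwd"}
TRUSTED_KEYS = {"integrated security", "trusted_connection"}
TRUSTED_VALUES = {"true", "yes", "sspi"}

# key=value pairs separated by ';'; a value may be quoted and then contain ';'.
PAIR = re.compile(r"""([^=;]+?)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^;]*))\s*(?:;|$)""")

def parse_connection_string(text):
    """Return the key/value pairs as a dict with lower-cased keys."""
    pairs = {}
    for m in PAIR.finditer(text):
        value = next((g for g in m.groups()[1:] if g is not None), "")
        pairs[m.group(1).strip().lower()] = value.strip()
    return pairs

def classify(conn_str):
    """Label one connection string by how it authenticates to SQL Server."""
    kv = parse_connection_string(conn_str)
    if any(k in kv for k in PASSWORD_KEYS):
        return "sql-login-in-plaintext"  # secret readable by anyone who can read the file
    if any(kv.get(k, "").lower() in TRUSTED_VALUES for k in TRUSTED_KEYS):
        return "windows-auth"            # no secret stored; the process identity is used
    return "no-credentials-found"

def audit_web_config(xml_text):
    """Return {connection name: finding} for every <connectionStrings> entry."""
    findings = {}
    for section in ET.fromstring(xml_text).iter("connectionStrings"):
        if section.get("configProtectionProvider"):
            # Section was encrypted in place, so there are no <add> entries to read.
            findings["<connectionStrings>"] = "encrypted-section"
            continue
        for add in section.iter("add"):
            findings[add.get("name", "?")] = classify(add.get("connectionString", ""))
    return findings

if __name__ == "__main__":
    for name, finding in audit_web_config(SAMPLE_WEB_CONFIG).items():
        print(f"{name}: {finding}")
```
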
jackv
Master Smack Fu Yak Hacker
2179 Posts |
Posted - 2012-08-29 : 04:41:55
|
The other reason why AD logons are best practise is: if a person leaves an organisation, then the START\LEAVE can be managed via the AD. I'd recommend you don't add individual AD logons to a SQL Server Instance - but AD groups - it's easier to manage.

Jack Vamvas
--------------------
http://www.sqlserver-dba.com |