Getting Started with Adobe After Effects - Part 6: Motion Blur


Upload Image Close it
Select File

My Adventures as a SQL Server DBA
Browse by Tags · View All
BRH 16
#SQL Server 5
SQL server 4
realviews 3
sqlserver tools and utilities 3
sql server tools in my environment 3
TSQL 3
#DBA 3
audit 2
tools 2

Archive · View All
April 2011 4
March 2011 3
February 2011 3
November 2010 3
August 2010 2
May 2011 2
September 2010 2
May 2010 1
December 2011 1
July 2011 1

How to find sql login ids with blank password

Nov 23 2010 2:16AM by Malathi Mahadevan   

One of the commonly audited and most risky security issue is to have an id without a password. This can be avoided by turning windows security on for windows authenticated passwords but still those of us who have mixed mode authentication still have to risk having this. One of the most popular tools used to identify a blank password is the Microsoft Security Analyzer – but some environmental dependancies make this tool hard to install plus the DBAs have the additional overhead of applying patches to the tool and maintaining it as well.

So a simple way to monitor blank passwords – in our environment is by setting up a sql agent job that runs every day and writes to the event log when it fails (or in other words finds a blank password). We have an event log monitoring tool that picks up the failure and alerts us immediately. The job can be altered also to send an email or run a custom exe as the case may be. The script we use is:

1 SQL 2005/08
select name from sys.syslogins where pwdcompare('''', password) = 1

2 SQL 2000
select name  from master.dbo.syslogins where isntname = 0 and (password is null or pwdcompare(password,'''') = 1)

Would be interesting to know of more ways to accomplish this.

Tags: BRH, #SQL Server, TSQL, SQL server, security, blank password,


Malathi Mahadevan
74 · 2% · 772
0
Liked
 
0
Lifesaver
 
0
Refreshed
 
0
Learned
 
0
Incorrect



Submit

1  Comments  

  • If you are using SQL Server 2008 or higher, then policy based framework can obtain more details in this regard.

    commented on Jan 26 2011 11:22AM
    Satya Jayanty (@sqlmaster)
    34 · 5% · 1720

Your Comment


Sign Up or Login to post a comment.

    Copyright © Rivera Informatic Private Ltd Contact us      Privacy Policy      Terms of use      Report Abuse      Advertising      [ZULU1097]