Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: Password

  1. #1
    Join Date
    Apr 2004
    Location
    Melbourne
    Posts
    144

    Unanswered: Password

    How do i get a password from the master database for a sql user account?
    Someone created a password for a sql account and forgot what it was...

  2. #2
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Would you like me to send you a stored procedure that lists all the users and their passwords, and then exports their credit card numbers and bank accounts to a text file and emails it to you, along with the home addresses, telephone numbers, and current salaries of all the business' top officers, and then shuts down the building's alarm system and unlocks the back door while displaying snow on all the closed-circuit TV monitors?

    Well you can't have it. 'Cause its a SECRET! That is what a password is for.

    ASSUMING you are actually a person of responsibility, and are not just jonesing for help breaking into a system, then with SA authority you can reset their password to whatever you (or they) want it to be.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  3. #3
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Quote Originally Posted by jcwc888
    How do i get a password from the master database for a sql user account?
    Someone created a password for a sql account and forgot what it was...
    As a member of the sysadmin group (sa, a domain administrator, and possibly others), you can simply use SQL-EM (Enterprise Manager) or sp_password to forcibly reset the password to whatever you choose.

    -PatP

  4. #4
    Join Date
    Apr 2004
    Location
    Melbourne
    Posts
    144
    blindman. -- that was pretty harsh words.
    i can easily reset the password through enterprise manager but i do not want to break the application.

  5. #5
    Join Date
    Feb 2004
    Posts
    492
    perhaps there's an easier way to get it from the application instead?

  6. #6
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Quote Originally Posted by jcwc888
    blindman. -- that was pretty harsh words.
    i can easily reset the password through enterprise manager but i do not want to break the application.
    I'll conceed that blindman was rather harsh in his response, but consider your request... We don't know you, have no way to know if you are a legitimate admin in a hard place, or yet another teenager that doesn't like the way that their server is being administered and wants to "take it over to run it right".

    You can't exactly expect strangers to be forthcoming with the kind of information that you are requesting... At least not if they are even quasi-responsible people.

    -PatP

  7. #7
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    What kind of application breaks because a password gets reset?
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  8. #8
    Join Date
    Feb 2004
    Posts
    492
    unfortunately, I can name a few. They're usually also the kind a password is badly maintained/known/etc.

  9. #9
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    If I thought real hard I could possibly imagine a more serious design flaw, but I don't have the time right now...
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  10. #10
    Join Date
    Feb 2004
    Posts
    492
    funny thing is, that these programs are often so bad that the passwords are easy to guess

  11. #11
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    Quote Originally Posted by blindman
    but I don't have the time right now...

    Since when?

    Anyway...don't have such a thin skin...you in IT?

    Better get used to it...this is a good place (doesn't show up on the review)

    Anyway, Are you talking about application, SQL Server, Or Mixed Security?

    I wasn't sure.

    And of all of these, only SQL Server security might be needed to maintained by the admin...the rest should be done by the user.

    What gives?
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  12. #12
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    P.S.

    You didn't think that was funny?

    You gotta just get used to it....and since he doesn't know you...how could it be personal?

    It's just bd'ness....
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  13. #13
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Sorry jcwc888, but you also have to realize you are not the first person to post the question "How do I find out a user's password" on this forum.

    Passwords in SQL Server (as in most secure applications) are stored using a one-way encryption algorithm. That means you can't decipher them even if you know the algorithm that was used.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  14. #14
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    Quote Originally Posted by blindman
    Sorry jcwc888, but you also have to realize you are not the first person to post the question "How do I find out a user's password" on this forum.

    Passwords in SQL Server (as in most secure applications) are stored using a one-way encryption algorithm. That means you can't decipher them even if you know the algorithm that was used.
    If you're talking about SQL Server security...then I beg to differ....(the part about not finding out id's and passwords).

    But I'm no snitch...
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  15. #15
    Join Date
    Jul 2003
    Location
    San Antonio, TX
    Posts
    3,662
    ...Yup, have in my possession a couple (at least) of thingies that would do a pretty good job hacking an SA password. In our 120+ server environment managed to identify a couple of thousands of WEAK passwords for non-SA accounts (SA has a pretty good xx-character pwd).

    But that's not the issue. In 6.5 world it was VERY easy, I didn't even save the script because it's too easy to reproduce. In 7.0 and 2K it won't work because as blindman said, it's a "one-way encryption algorythm", so without resetting it you may want to become a hacker for a couple of days (may take longer, depends on the hacking weapon you choose )
    "The data in a record depends on the Key to the record, the Whole Key, and
    nothing but the Key, so help me Codd."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •