I'm writing some software for clients and the connection is done via de username passwd methode, not windows authentication. One of the salespeople is creating FUD now, talking about a "major security leak" because, if someone has the username / password, he can view the data in the mssql database. ( seems normal to me for a username/password combination - winNT or not - but this news can be shocking to the uninitiated)
Is there any paper on his comprehensionlevel that deals with this issue?
Or you've got an opinion on this?
Well, if someone has a window's username and password, they can ALSO see the data if they connect while using windows authentication.
The major advantage of using Windows authentication is to make system administration easier. If you require strong passwords (and do not release the user names/passwords), there should not a major "Security Leak" in either case.
"Lisa, in this house, we obey the laws of thermodynamics!" - Homer Simpson
"I have my standards. They may be low, but I have them!" - Bette Middler
"It's a book about a Spanish guy named Manual. You should read it." - Dilbert