Results 1 to 2 of 2
  1. #1
    Join Date
    Oct 2002

    Unanswered: Windows authentication vs. SQL authentication

    What's the better security to use? Currently I'm always registering using the Windows authentication. When I'm trying to register using SQL authentication I always get "Login failed for user 'sa'" error....
    Last edited by SaLaMaLaYcUm; 07-30-04 at 01:08.

  2. #2
    Join Date
    Nov 2002
    Windows Authentication is the better route with regard to security but there other things you need to consider. For example, SQL Server can be installed to use either 'Windows Only' or 'Windows and SQL Server' (mixed) security. You can see which applies under server properties but mixed mode is probably the most common. If you're using mixed mode and you can't authenticate using SA, it is mostly likely because the SA password isn't what you think it is.

    SQL Server security using SQL Logins isn't so great because SQL doesn't do the normal things like enforce password changes, lockout after multiple password attempts and so on. Consider a policy to use Windows authentication in all cases and regularly change your SA password to something complex. From a DBA perspective, one of the problems with Windows authentication is that you can find yourself depending a lot on Windows sys admins to take care of group membership and so on. I think this is one of the reasons why DBA's often retain SQL Logins!


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts