Results 1 to 10 of 10
  1. #1
    Join Date
    Mar 2004
    Location
    UK
    Posts
    26

    Unanswered: SQL 2005 - ignore policy to allow blank password

    I've legacy code that requires a blank password for a SQL Server login.
    This works fine on 2000 or 7.

    How can you allow blank passwords on SQL Server 2005 without changing the windows policy?
    Is there a stored procedure to do this?
    I know you can now use CREATE LOGIN and set CHECK_POLICY to no on SQL 2005 when creating logins, but this needs to run on SQL Server 7/2000 and so its using sp_addlogin.
    (NB: I can't easily change the legacy code to work conditionally on SQL Server 2005)

  2. #2
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    Legacy code that requires a blank password?

    Run away!

    What could possibly require this?
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  3. #3
    Join Date
    Jun 2003
    Posts
    269

    Cool

    Quote Originally Posted by Brett Kaiser
    Legacy code that requires a blank password?

    Run away!

    What could possibly require this?
    lol I like it
    I love cursor,though I never use it.Cos' I dont want to misuse it.
    ----------------------------------------------

    ----cheers
    ----http://mallier.blogspot.com

  4. #4
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Legacy code that requires the SA account?

    Run away!

    Applications have NO business using SA in the first place, let alone requiring it to have a NULL password.

    See if you can set up a dedicated account with the necessary priveleges and no password, and get the application to use that instead. Call it the "essay" account, say it real fast, and maybe the client software won't know the difference.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  5. #5
    Join Date
    Mar 2004
    Location
    UK
    Posts
    26

    not sa

    I'm not talking about sa, I agree that would be stupid and leave the system open to hackers.

    I'm thinking the only way is to use
    CREATE LOGIN <username> WITH PASSWORD='', CHECK_POLICY = OFF
    in 2005 and the usual in 2000.
    I must have imagined a setting that lets you use blank passwords...
    thanks.

  6. #6
    Join Date
    Mar 2004
    Location
    UK
    Posts
    26

    not sa

    I'm not talking about sa, I agree that would be stupid and leave the system open to hackers.

    I'm thinking the only way is to use
    CREATE LOGIN <username> WITH PASSWORD='', CHECK_POLICY = OFF
    in 2005 and the usual in 2000.
    I must have imagined a setting that lets you use blank passwords...
    thanks.

  7. #7
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Sorry. Misread you original post. Believe it or not, I have run across vendor applciations that require the use of the SA account.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  8. #8
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    OK......

    But, what is the requirement that the legacy code needs a blank password.

    Fine, it's not sa, but it is stil a recipe for disaster, no?
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  9. #9
    Join Date
    Mar 2004
    Location
    UK
    Posts
    26
    The login has read-only access to very limited information.
    Its a way of getting some stuff out of the database without having to know any login details, before the user logs in.
    If someone did get hold of the login name, the worse they could do would be to read some encrypted data.

  10. #10
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    No, the worst the could do (and let's assume it's execute only to sprocs, but I doub't it), that I set up about 20 QA Sessions, and set loops to run in an infinite loop...

    Forget QA, because I could take down my client. Let's say I set the client up to spawn osql executions on every open client I find and do the same thing?

    TIMBER
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •