Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2003
    Posts
    95

    Unanswered: Security Concern - How to remove hardcoded passwords?

    I would like to eliminate all hardcoded login ids and passwords and would like to know what other companies are doing to address this issue. I know a job scheduling software package is the ideal solution, but until dollars become available I need a short-term solution. We've tossed around the idea of using system variables.

    Any recommendations?

    Thanks, Dave

  2. #2
    Join Date
    Feb 2002
    Location
    Houston, TX
    Posts
    809
    Have you tried using NTAuthentication?

    I use the NT Task Scheduler to run my jobs and use NT Authentication when a job runs DTS, BCP or OSQL.
    Paul Young
    (Knowledge is power! Get some!)

  3. #3
    Join Date
    Feb 2003
    Posts
    109

    NT / integrated authenticaion rocks

    i used to be a skeptic-- and sometimes it causes wierd problems within Access Data Projects--

    and try to figure out how to make DBO own all of the objects--

    otherwise integrated authentication rocks!!
    Access 2002 ADP Rocks my World

    Long live SQL Server and 64bit Windows!!!

  4. #4
    Join Date
    Jan 2003
    Posts
    95
    You touched on the part I'm not sure how to address. If I use NT authentication is the domain id of the person logged into the system being used or is the sql server service account being passed to the scheduled job. I assume it's the service account, otherwise we would have to have the server always logged on.

    In either case, how do I ensure that the domain id has the correct database permissions? I don't want to create a domain account with domain admin permissions since that creates some security risks. I believe that leaves creating an account that is added to every database as dbo.

    Thanks, Dave

  5. #5
    Join Date
    Feb 2003
    Posts
    109

    well the account isnt named dbo. thats the owner.

    its like--

    We are american. There is no single person named 'America'-- but we are owned by america.

    Thus when someone refers to me, they refer to American.AaronKempf

    select * from American.AaronKempf--


    doing NT is great, and it is easy-- i just dont have a ton of time to help.

    id check www.sqlservercentral.com for a couple quick articles on integrated authentication (and a more technical understanding of this whole 'ownership issue')
    Access 2002 ADP Rocks my World

    Long live SQL Server and 64bit Windows!!!

  6. #6
    Join Date
    Feb 2002
    Location
    Houston, TX
    Posts
    809
    When you run a scheduled job under SQL server's job scheduler it is running under the SQL Server Agent service. You can set this to log in with any ID you choose. All jobs will run with the SQL Server Agent credentials.

    If you don't want to give your SQL Server Agent Server Admin permission then dbo would be next, you will need to set this up once on all databases and add the id to the model db that way when you create a new database the permissions will already be in effect.
    Paul Young
    (Knowledge is power! Get some!)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •