GilaMonster (7/31/2014)
Michael Valentine Jones (7/31/2014)
The last vendor I had to deal with had an application that required the use of a specific SA password to connect to the database on a specifically named (non-default) instance. Having an application use a hard coded SA password is really bad security, but it's just some medical application, so no big deal. :crying:...
Another vendor application (for a building security system) required the use of a blank SA password so I guess it can always get worse.
That's when you rename the sa login to something which sounds useless, disable it and create a new login called 'sa' with just the permissions you want it to have.
Want sa? Sure, just gimme a couple minutes...
RickRoll them in the best way possible.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events