<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Advertise
Write for us
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2005
»
SQL Server 2005 Security
»
Passwords
11 posts, Page 1 of 2
1
2
»»
Passwords
Rate Topic
Display Mode
Topic Options
Author
Message
Jason Shadonix
Jason Shadonix
Posted Friday, January 25, 2008 2:43 PM
SSC Eights!
Group: General Forum Members
Last Login: Yesterday @ 1:01 PM
Points: 925,
Visits: 1,273
How do you store your passwords to service accounts, sql users, etc?
We have a rather non-secure way of storing ours currently and are looking for a better solution. I've seen a few products that do it for you, but was curious what others are doing.
Thanks,
Jason
Jason Shadonix
MCTS, SQL 2005
Post #447834
KenpoDBA
KenpoDBA
Posted Friday, January 25, 2008 4:39 PM
Old Hand
Group: General Forum Members
Last Login: Friday, September 11, 2009 9:50 AM
Points: 308,
Visits: 235
I actually wrote my own that I'll be putting on the market fairly soon.
Watch my free SQL Server Tutorials at:
http://MidnightDBA.ITBookworm.com
Read my book reviews at:
www.ITBookworm.com
Blog Author of:
Database Underground --
http://www.infoworld.com/blogs/sean-mccown
DBA Rant –
http://dbarant.blogspot.com
Post #447875
David_Simpson
David_Simpson
Posted Monday, January 28, 2008 8:47 AM
SSChasing Mays
Group: General Forum Members
Last Login: Wednesday, March 17, 2010 2:22 PM
Points: 701,
Visits: 614
I use Password Safe. http://passwordsafe.sourceforge.net/
David
Post #448378
Joe Clifford
Joe Clifford
Posted Tuesday, January 29, 2008 12:54 AM
SSC-Addicted
Group: General Forum Members
Last Login: Friday, December 25, 2009 2:21 PM
Points: 422,
Visits: 542
Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe. That way when you get hit by a truck nobody has to try to crack your password safe...
There are also some neat appliances that will provide you or other admins with one time passwords for access to resources based on AD group membership - you need a key/password it gives you the current password, your time is up/ticket expires and the password is automatically changed. A little scary in some regards but a pretty neat idea.
Joe
Post #448712
David_Simpson
David_Simpson
Posted Tuesday, January 29, 2008 7:48 AM
SSChasing Mays
Group: General Forum Members
Last Login: Wednesday, March 17, 2010 2:22 PM
Points: 701,
Visits: 614
Joe Clifford (1/29/2008)
Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe.
I agree with Joe... whatever you use to store the passwords electronically, always keep a safe physical copy of your password list... you never know when you might need it ;)
David
Post #448858
Steve Jones - Editor
Steve Jones - Editor
Posted Tuesday, January 29, 2008 8:37 AM
SSChampion
Group: Administrators
Last Login: Yesterday @ 8:26 PM
Points: 23,166,
Visits: 6,925
Password Safe here. I''ve done the envelope thing and given it to a non-technical person, like the CFO or director.
However these days I'd copy the PWDSafe files and put them on a flash drive and give that to the person for safekeeping.
Post #448906
Ewan Hampson
Ewan Hampson
Posted Tuesday, January 29, 2008 9:52 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Wednesday, March 17, 2010 5:30 AM
Points: 124,
Visits: 1,003
Hey, what other use have you people found for that whiteboard?
ouch - I was just kidding
Post #448973
EdVassie
EdVassie
Posted Wednesday, January 30, 2008 4:00 AM
SSCrazy
Group: General Forum Members
Last Login: Wednesday, March 17, 2010 7:29 AM
Points: 2,019,
Visits: 1,653
First of all, you need to comply with site standards. Many sites classify passwords for service accounts, etc, as Type 1 data (your Security team will tell you what Type 1 means). Breaches of handling policy for Type 1 data normally result in disiplinary action.
One method I have seen that complies with Type 1 handling policies is an encrypted Word document. Recent versions of Word support 128-bit encryption.
In Word, go to Tools -> Options. Click the Security tab, then the Advanced button. Select your desired encryption method (your site may have a mandate on what should be used), and set the key length to 128. This allows you to share the passphrase needed to open the document within the DBA team, and to change the passphrase at regular intervals. It can be cheaper and easier to user than some other methods.
Author:
SQL Server FineBuild
1-click install and best practice configuration of SQL Server 2005, 2008, and 2008 R2.
24 February 2010
: now over 9,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #449254
K D Antonacci
K D Antonacci
Posted Wednesday, January 30, 2008 6:35 AM
Forum Newbie
Group: General Forum Members
Last Login: 2 days ago @ 6:26 AM
Points: 4,
Visits: 35
we use phpchain, now called PasswordChain. it's great for keeping all our password info. we have a group account for common password stuff (i.e., SQL passwords, server login passwords, common app passwords, etc.). then we each have individual accounts so we can keep our own stuff separate. we love it.
http://sourceforge.net/projects/phpchain
Happy is as Goofy does!
Post #449331
Ross McMicken
Ross McMicken
Posted Wednesday, January 30, 2008 1:51 PM
SSC Veteran
Group: General Forum Members
Last Login: Wednesday, March 17, 2010 8:30 AM
Points: 288,
Visits: 1,026
We have an in house developed program that lets users check passwords in and out for privileged ID's. The program lets you select the ID, then you click Check Out and the password is displayed. A support ticket number and explanation for the use fo the ID are required, and appear in control reports at month end. Once use of the ID is finished, the user selects the ID in the app, then clicks on Check In. the app then uses the Active Directory API to change the password for the ID to a new random value. Works very well.
Post #449676
« Prev Topic
|
Next Topic »
11 posts, Page 1 of 2
1
2
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2010 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use
