Michael Valentine Jones (7/31/2014)
The last vendor I had to deal with had an application that required the use of a specific SA password to connect to the database on a specifically named (non-default) instance. Having an application use a hard coded SA password is really bad security, but it's just some medical application, so no big deal. :crying:...
Another vendor application (for a building security system) required the use of a blank SA password so I guess it can always get worse.
That's when you rename the sa login to something which sounds useless, disable it and create a new login called 'sa' with just the permissions you want it to have.
Want sa? Sure, just gimme a couple minutes...
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability