Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Brian Kelley SQL Server Security: Pros and Cons of Application Roles RE: SQL Server Security: Pros and Cons of Application Roles

  • July 25, 2008 at 11:05 am

    #848601

    Yelena Varshal (7/25/2008)

    One catch here: when the password gets created or modified the real database password could be traced with the Profiler. To run SQL Server Profiler, users must be granted the ALTER TRACE permission per BOL. They can also get the changed passwords from the trace file if the traces are set up and the user has access to the folder where the trace files are stored and has knowledge how to read them etc. But: if the user is that smart maybe he has to be the admin on this server for the first place. 🙂

    Profiler or a server side trace should hide anything using ALTER LOGIN or sp_password, though. Are you running with a particular trace flag or something like that?

    K. Brian Kelley
    @kbriankelley