SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Can it be possible SQL Login creation with an empty password


Can it be possible SQL Login creation with an empty password

Author
Message
mohan.bndr
mohan.bndr
Mr or Mrs. 500
Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)

Group: General Forum Members
Points: 514 Visits: 481
Hi

I would like to know that, Is that possible to create SQL Login with blank password in SQL Server...

Please advise !!!
HanShi
HanShi
SSCrazy Eights
SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)SSCrazy Eights (8.7K reputation)

Group: General Forum Members
Points: 8718 Visits: 3718
Yes, it's possible. But is is a real security risk and never -ever- recommended. Are you really sure you can not define a password?

This is how you do it:
1.) In the GUI don't enter a password and clear the checkbox "enforce password policy".
or
2.) With T-SQL:
CREATE LOGIN [login_name] WITH PASSWORD=N'', DEFAULT_DATABASE=[database_name], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF



** Don't mistake the ‘stupidity of the crowd’ for the ‘wisdom of the group’! **
mohan.bndr
mohan.bndr
Mr or Mrs. 500
Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)Mr or Mrs. 500 (514 reputation)

Group: General Forum Members
Points: 514 Visits: 481
Thanks all you guys for responding,but I believe in the older version of SQL Server (200 and below) can only possible.... am i correct ? and for SQL 2005 onwards this has been changed and will not allow to have blank password. Please correct me if any information on this...


Great Persons ...Good Involvement
Sean Lange
Sean Lange
SSC Guru
SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)

Group: General Forum Members
Points: 63432 Visits: 17966
mohan.bndr (7/24/2013)
Thanks all you guys for responding,but I believe in the older version of SQL Server (200 and below) can only possible.... am i correct ? and for SQL 2005 onwards this has been changed and will not allow to have blank password. Please correct me if any information on this...


Great Persons ...Good Involvement


Did you try it? The code posted will generate a login with a blank password.

_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Modens splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
Eric M Russell
Eric M Russell
One Orange Chip
One Orange Chip (29K reputation)One Orange Chip (29K reputation)One Orange Chip (29K reputation)One Orange Chip (29K reputation)One Orange Chip (29K reputation)One Orange Chip (29K reputation)One Orange Chip (29K reputation)One Orange Chip (29K reputation)

Group: General Forum Members
Points: 29335 Visits: 11530
mohan.bndr (7/24/2013)
Thanks all you guys for responding,but I believe in the older version of SQL Server (200 and below) can only possible.... am i correct ? and for SQL 2005 onwards this has been changed and will not allow to have blank password. Please correct me if any information on this...

Yes, it is technically possible to have a SQL Server account with blank password, I saw this the other day on a SQL Server 2008 R2 instance. Perhaps it was an artifact left over from a 2000 -> 2005/2008 migration, but it was there.

For identifying weak SQL Server accounts, I use the following:

-- There are several frequently used password lists posted on the web. 
-- Here are a few, but perhaps 100 or more could be inserted here.
declare @pw table (pwtext varchar(180) not null primary key);
insert into @pw (pwtext)
values ('password'), ('123456'), ('12345678'), ('1234'), ('qwerty'), ('12345');
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins l
join @pw pw on pwdcompare(pw.pwtext, l.password_hash) = 1;

-- Query accounts with empty password:
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins
where pwdcompare('', password_hash) = 1;

-- Query accounts where password = account name:
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins
where pwdcompare(name, password_hash) = 1;




"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search