December 7, 2009 at 9:10 pm
Hi again, will there be any problem if i change my sql server 2000 authentification mode from mixed mode to windows authentification? will it not affect the applications connected to it?
Thanks
Dominic
December 7, 2009 at 9:19 pm
First what is the reason for this move to Windows only Authentication Mode.
Have you checked if there are users who are using the SQL Login. If you move to windows authentication mode, the SQL Logins will all fail, that might be Development Users, other DBAs, application and DTS packages etc.
Changing authentication mode needs to be done when it has been identified and decided why and for what reason it is required.
Do you have the answer for this?
Blog -- LearnSQLWithBru
Join on Facebook Page Facebook.comLearnSQLWithBru
Twitter -- BruMedishetty
December 7, 2009 at 9:25 pm
I agree all those questions need to be answered, I have found that it is fairly rare to be in Windows only authentication . I have only had a few servers that could do that and they were all little..
CEWII
December 7, 2009 at 10:06 pm
Hi, for our Internal Audit findings. They find Windows authentification mode more secure than mixed mode.
December 7, 2009 at 10:10 pm
I tend to agree however most organizations end up having to live with mixed mode. And their audit group learns to live with it..
CEWII
December 8, 2009 at 12:55 pm
Hi, for our Internal Audit findings. They find Windows authentification mode more secure than mixed mode.
That is a matter of opinion. Yes, mixed mode can allow access to users without a domain/local system account, but that does not make it less secure by default. In my opinion that is just as insecure as a database/instance with granted access to users who have no need for access.
If your application has a need for mixed mode, then the finding should be able to be identified as a documented deviation of policy with the need and acceptance of risk identified. Your security guys probably will not like the idea, but if users need access to a database from outside the organization, it is more secure than giving them an account on your network.
Joie Andrew
"Since 1982"
December 8, 2009 at 1:11 pm
The reality of the IT world often changes these things. There are a great number of cases where it is just as unpalatable to use windows security. I know of few web appplications that use windows security, not to say they don't exist and that it never makes sense, but for man if not most cases it doesn't make sense.
As said before, audit groups learn to live with it, because they don't really have a choice..
CEWII
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply