March 17, 2016 at 9:24 am
Auditors have been wanting us to change the password on the SA sql id on a scheduled basis. Someone read a white paper 🙂 Even though our instances are setup for MIX security, we do not use SA when connecting to the instance.
We do have SA as database and Job owners. However all are SYSADMIN work is done using window ids. Occasionally we get a vendor product whose installation just does not seem to work without using SA, which is sad!
Is there any issue with disabling SA and still use it as database and job owners?
Which is more secure disabling SA or changing its password to a random value on a scheduled basis?
David Bird
March 17, 2016 at 10:03 am
Both.
Disable SQL auth if you can.
Change sa regularly. Just in case someone "re-enables" the account/athentication method. I've seen people change the password for a consultant, disable the auth, then forget and have someone enable auth with a known sa password by outsiders.
Do this in a job and forget about it, after disabling auth. If you ever need it, change it that day and then run this job.
DECLARE @pwd UNIQUEIDENTIFIER = NEWID()
, @new VARCHAR(50);
SELECT @new = CAST(@pwd AS VARCHAR(50))
EXEC sp_password @new = @new, @loginame = 'sa'
April 11, 2016 at 12:59 am
This was removed by the editor as SPAM
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply