Integrated Security or SQL Server account for Application user

  • Hello experts,

    I have always heard and read that Integrated security is always good. But why it is better than a SQL Server user, I could not find any good read.

    Could anybody point me to a resource or resources on why one is better than the other or not? I will be grateful.

    Thanks in advance for your help.

  • Have you seen this Microsoft best practices for configuring the authentication mode for SQL Server?

  • Thank you very much for taking time to look into it and answer.

    Yes, I have looked into it and, as I have said, it doesn't give any explicit reason why we should not use a SQL login.

    I am interested in knowing if there is any security threat or disadvantage in using SQL logins for the application user.

  • Off the top of my head I would say that Windows security is stronger/harder to crack and it's easier to maintain. The experts will need to chime in to tell you the deep reasons.

  • Well, as they say in the trade, it depends.

    If you have clients accessing SQL Server from a non-trusted domain, SQL logins are your only option. This includes the case where you don't have a domain at all, but only have a workgroup. On the other hand, if all your users are inside the domain, why bother with SQL logins?

    In the past (SQL 2000 and earlier), SQL logins were subject to brute-force attacks, but if you enable Windows policy the account will be disabled in such a case. (If I recall correctly.)

    A big advantage with Windows logins is that all group membership can be managed from the AD. This is not always what you want, but in many cases it is, and it makes your life easier.

    Erland Sommarskog, SQL Server MVP, www.sommarskog.se
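The Windows policy setting mentioned in the post above can be audited per login. The following T-SQL is an added example, not part of the original thread; it assumes the policy meant is the `CHECK_POLICY` login option, and the login name `app_user` is hypothetical.

```sql
-- Added example: audit how an instance authenticates and which SQL logins
-- are outside the Windows password policy. Read-only except for step 4.

-- 1. Is the instance Windows-only or mixed mode?
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows authentication only'
           ELSE 'Mixed mode (SQL logins accepted)'
       END AS auth_mode;

-- 2. How many principals of each kind exist?
--    S = SQL login, U = Windows login, G = Windows group (managed in AD).
SELECT type_desc, COUNT(*) AS principals
FROM   sys.server_principals
WHERE  type IN ('S', 'U', 'G')
GROUP  BY type_desc;

-- 3. Enabled SQL logins, with policy flags and failed-password counters.
--    Rows with is_policy_checked = 0 are not covered by the Windows
--    password policy, so they sort first.
SELECT sl.name,
       sl.is_policy_checked,
       sl.is_expiration_checked,
       LOGINPROPERTY(sl.name, 'IsLocked')            AS is_locked,
       LOGINPROPERTY(sl.name, 'BadPasswordCount')    AS bad_password_count,
       LOGINPROPERTY(sl.name, 'BadPasswordTime')     AS last_bad_password,
       LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set
FROM   sys.sql_logins AS sl
WHERE  sl.is_disabled = 0
  AND  sl.name NOT LIKE '##%'   -- skip internal certificate-based logins
ORDER  BY sl.is_policy_checked, sl.name;

-- 4. Put a SQL login under the Windows password policy.
--    [app_user] is a hypothetical application login; substitute your own.
ALTER LOGIN [app_user] WITH CHECK_POLICY = ON;
```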

  • Thank you very much for your response. I do agree with you that if we use Integrated security everything can be managed via AD, but my SYS and Network admin says that it will make the application dependent on one more thing, with the fear of a single point of failure. So as per them, if AD goes down, all the applications will go down with it.

    Also I have read somewhere that "applications are significantly faster when connecting via SQL authentication". Is it true at all?

    These were the reasons I was looking for some resource which can shed more light on it or discuss the pros/cons of each.

  • Neeraj Dwivedi (7/1/2014)


    Thank you very much for your response. I do agree with you that if we use Integrated security everything can be managed via AD, but my SYS and Network admin says that it will make the application dependent on one more thing, with the fear of a single point of failure. So as per them, if AD goes down, all the applications will go down with it.

    That's a point of view I have not heard of or thought of before, but they definitely have a point there when it comes to availability.

    Also I have read somewhere that "applications are significantly faster when connecting via SQL authentication". Is it true at all?

    I can't see that it matters once you are connected. For connection it may matter, if the AD works so-so.

    Erland Sommarskog, SQL Server MVP, www.sommarskog.se

  • Neeraj Dwivedi (7/1/2014)


    Thank you very much for your response. I do agree with you that if we use Integrated security everything can be managed via AD, but my SYS and Network admin says that it will make the application dependent on one more thing, with the fear of a single point of failure. So as per them, if AD goes down, all the applications will go down with it.

    We have a failover Domain Controller, so AD does not go down.
