Protecting sa

  • I tend to use a GUID for the password. Simple, straightforward and has approximately 5,300,000,000,000,000,000,000,000,000,000,000,000-ish combinations.

    Only issue is to remember which post-it-note it was :rolleyes:

  • We created a process that used our inventory to connect to all instances once per week and change the password to a randomly generated pwd between 64 and 128 chars long. Nice thing was we also used this process to encrypt the new pwd and store it in a location only the DBAs could access if needed. Would have been easy to change to once per day, but our Audit requirements did not dictate that. With that process in place, we also monitored for three additional things: 1. any type of sysadmin access outside the dba AD group, 2. successful or failed attempts to use SA, and 3. immediate alerts when the dba AD group membership changed.

    Hope that helps.
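
The rotation and sa-login monitoring described in the post above, sketched as an added example (not the poster's process or code). The character set, function names and sample log lines are assumptions constructed for illustration; successful logins reach the error log only when login auditing records both failed and successful logins.

```python
import re
import secrets
import string

# Assumption: the post names no character set; printable ASCII without spaces is used here.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def new_sa_password(min_len=64, max_len=128):
    """Random password from a CSPRNG; the length is itself random in [min_len, max_len]."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def alter_login_sql(password, login="sa"):
    """ALTER LOGIN takes a literal, so double ' in the password and ] in the name."""
    return "ALTER LOGIN [{}] WITH PASSWORD = N'{}';".format(
        login.replace("]", "]]"), password.replace("'", "''"))

# Error-log "Logon" messages for the sa login only, successful or failed.
SA_LOGON = re.compile(
    r"^(?P<ts>\S+ \S+)\s+Logon\s+Login (?P<result>succeeded|failed) "
    r"for user 'sa'\..*\[CLIENT: (?P<client>[^\]]+)\]", re.IGNORECASE)

def sa_logon_events(lines):
    """Return (timestamp, result, client) for each attempt to use sa."""
    events = []
    for line in lines:
        m = SA_LOGON.match(line)
        if m:
            events.append((m["ts"], m["result"].lower(), m["client"]))
    return events

# Constructed sample lines in the SQL Server error-log layout (not from the thread).
SAMPLE_LOG = [
    "2016-03-30 02:00:01.10 Logon       Login succeeded for user 'CORP\\dba_jane'. Connection made using Windows authentication. [CLIENT: 10.0.0.5]",
    "2016-03-30 02:14:09.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.7]",
    "2016-03-30 02:14:30.02 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.7]",
    "2016-03-30 02:15:00.00 Logon       Login failed for user 'sales_app'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.9]",
]

if __name__ == "__main__":
    print(len(new_sa_password()), "character password generated (value not shown)")
    for event in sa_logon_events(SAMPLE_LOG):
        print("ALERT sa login", event)
```

The generated statement contains the clear-text password, so it should be sent over an encrypted connection and kept out of job history and script logs.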

  • Yet Another DBA (3/30/2016)


    I tend to use a GUID for the password. Simple, straightforward and has approximately 5,300,000,000,000,000,000,000,000,000,000,000,000-ish combinations.

    Only issue is to remember which post-it-note it was :rolleyes:

    I did a calculation about 6 years ago on that because a lot of people don't understand how massive the numbers are. It works out that if one GUID value is a mile, there are enough values to span the diameter of about 14 quadrillion Milky Way galaxies.

    --Jeff Moden



  • Jeff Moden (4/2/2016)


    Yet Another DBA (3/30/2016)


    I tend to use a GUID for the password. Simple, straightforward and has approximately 5,300,000,000,000,000,000,000,000,000,000,000,000-ish combinations.

    Only issue is to remember which post-it-note it was :rolleyes:

    I did a calculation about 6 years ago on that because a lot of people don't understand how massive the numbers are. It works out that if one GUID value is a mile, there are enough values to span the diameter of about 14 quadrillion Milky Way galaxies.

    I believe you on the math, mostly because I'm not going to take the time to work it out. There are definitely a lot of possibilities. However, I'm still going to leave it disabled. 😛
