We recently started to receive complaints about our install project not
working and giving and shitload of error messages related to SQL. We
later found out that the problem was the users we were trying to bind
to we're not created because of the domain password policy feature
implemented into SQL Server 2005.
After much dabbling around the SQL scripts that created the database
structure, we came to the conclusion that only this piece of code could
correct our problem :
CREATE LOGIN mynewuser WITH PASSWORD = '', CHECK_POLICY = OFF,
CHECK_EXPIRATION = OFF
This runs perfectly fine on SQL2005, but not on SQL2000. We have been
searching for a way to have code in SQL files executed on install that
doesn't fail to compile when run against the server and that will
bypass the password policy in case it's a SQL Server 2005...
Right now we are testing a feature available in MSI that can filter
scripts not matching a database version, but the problem with this, is
that we are missing a lot of features that InstallShield has. In short,
we need Help to fix this issue and be able to continue with
development.
In hopes to receive a a prompt anwserOh and by the way, the SQL2000 code we use is the following:
exec sp_addlogin N'mynewuser', null, @.logindb, @.loginlang
PS : @.logindb and @.loginlang are valid variables that contain correct
info for this SP to work|||crazyone wrote:
Quote:
Originally Posted by
Oh and by the way, the SQL2000 code we use is the following:
>
exec sp_addlogin N'mynewuser', null, @.logindb, @.loginlang
>
PS : @.logindb and @.loginlang are valid variables that contain correct
info for this SP to work
Why not just set a sensible password to start with? The same password
for each login if you like (anything must be better than a blank
password). Have you ever had a security audit?
Otherwise I think having two versions of your code may be your only
option.
--
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/...US,SQL.90).aspx
--|||My boss produced the code linking to the database with THAT user, it's
a read-only user but doesn't have password. I don't feel it's safe too,
but my boss doesn't want to recode the app to change the password, but
he does want me to spend (up to now) 20 hours to remake the install
software and the sql scripts... strange no?
No comments:
Post a Comment