Sunday, March 11, 2012

Blocking sa user

Hi All,
I have a hypothetical scenario. I have few developers who all know the sa password. I want to block one developer from accessing the SQL server eventhough he knows the sa password.

Do we have any mechanism in SQL Server 2000 to block client based on the IP address of the client?

SQl Server is installed on Windows 2000 server. It uses SQL Server & Windows authentication.

Regards,
AnandChange the sa password|||Thanks for the reply.
I know that would be the best alternative :)
But currently I am not in a position to change it immediately.

Can you suggest something else

Regards,
Anand|||sa login is built-in login as well as assigned sysadmin fixed server role. You can change sa password, but if someone knows the password he/she can login the SQL Server.

Use mixed mode security or give separate SQL Login to the developers with the db_owner or db_ddladmin database role, according to your requirement.|||How about VPN, router settings, IP or MAC filtering?|||You can filter ports to keep an IP address from making any connection to a SQL Server database, but that's rather drastic for limiting a developer. There are solutions to this problem, but all of the ones that I can think of require intimate knowledge of the problem... I don't know of any generic answer to this kind of problem.

-PatP|||change the f'n sa password

sa shouldn't be used...some writers have even suggested creating a very strong password...write it down, put it in a safe and never use it..and create a new, "unknown" login that has sa rights|||change the f'n sa password

sa shouldn't be used...some writers have even suggested creating a very strong password...write it down, put it in a safe and never use it..and create a new, "unknown" login that has sa rights

Yep. First thing I do. Select newid() (on a different server). Copy and paste results into the install screen. Forget about it. Never use sa for anything.

Regards,

hmscott|||Yep. First thing I do. Select newid() (on a different server). Copy and paste results into the install screen. Forget about it. Never use sa for anything.

Regards,

hmscott

Humm... really unique password..! :rolleyes:
Posted by Flores at 8:27 PM
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)