Changing Authentication modes?

Changing Authentication modes?

Post by cmsgcmlkZX » Fri, 04 Aug 2006 14:08:02


We currently have a sql server 2000 cluster that is running windows
authentication mode. We have an important application that is giving us
trouble so we want to use sql authentication. What if any are the risks of
changing to Windows and SQL authentication on a SQL Server cluster? Could we
really hose something? We're at SP4 too by the way.
 
 
 

Changing Authentication modes?

Post by uttamk » Sat, 05 Aug 2006 03:06:59

You should not hose anything by changing from Windows to Mixed Authentication mode or vice-versa. Any doubts, test it on your test cluster first and then do it on your production cluster.

From SQL Books Online ---

How to set up Mixed Mode security (Enterprise Manager)
--------------------------------------------------------------------------------------

Security Note When possible, use Windows Authentication.


To set up Mixed Mode security

- Expand a server group.
- Right-click a server, and then click Properties.
- Click the Security tab.
- Under Authentication, click SQL Server and Windows.
- Under Audit level, select the level at which user accesses to MicrosoftSQL Serverare recorded in the SQL Server error log:
* None causes no auditing to be performed.
* Success causes only successful login attempts to be audited.
* Failure causes only failed login attempts to be audited.
* All causes successful and failed login attempts to be audited.

Security Note Microsoft recommends auditing, at minimum, failed login attempts. Auditing failed login attempts helps determine if unauthorized users are attempting to access the system.

Best Regards,

Uttam Parui
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Are you secure? For information about the Strategic Technology Protection Program and to order your FREE Security Tool Kit, please visit http://www.yqcomputer.com/

Microsoft highly recommends that users with Internet access update their Microsoft software to better protect against viruses and security vulnerabilities. The easiest way to do this is to visit the following websites:
http://www.yqcomputer.com/
http://www.yqcomputer.com/

 
 
 

Changing Authentication modes?

Post by Arnie Rowl » Sat, 05 Aug 2006 09:07:59

And I would add to guard carefully the username/password for the
application.

Everyone that knows that username/password will be able to use it with
Excel, QA, and other tools, to access data in the database, and if the
security is not 'tight', even data in other databases. (Depending upon their
skill level, etc.)

Recognize that with SQL 2000 authentication, you are making a significant
'downgrade' in server/database security -unless it is done well, and with
constant vigilance and auditing.

--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous