patternsqlModerate
Set SA to weak Password in SQL Server 2012
Viewed 0 times
2012sqlweakpasswordserverset
Problem
Hi I'm migrating a database to SQL Server 2012, and I have a problem.
Let me start by saying the application (ISV) has horrible security! So try not to cringe too much.
So the sa password on the 2012 instance must match the app login. However, it does not meet the 2012 password requirements.
Is there a way to override this functionality?
Let me start by saying the application (ISV) has horrible security! So try not to cringe too much.
- The app logs in with sa authentication.
- The sa password is hard-coded into the app.
So the sa password on the 2012 instance must match the app login. However, it does not meet the 2012 password requirements.
Is there a way to override this functionality?
Solution
Try
(I feel dirty now)
In order to mitigate some of the potential horrors this allows, I'd recommend renaming the built-in sa account to something else, then creating a new login called sa with the rights the app actually requires.
ALTER LOGIN sa
WITH PASSWORD = 'password',
CHECK_POLICY = OFF(I feel dirty now)
In order to mitigate some of the potential horrors this allows, I'd recommend renaming the built-in sa account to something else, then creating a new login called sa with the rights the app actually requires.
Code Snippets
ALTER LOGIN sa
WITH PASSWORD = 'password',
CHECK_POLICY = OFFContext
StackExchange Database Administrators Q#25680, answer score: 14
Revisions (0)
No revisions yet.