HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlModerate

Set SA to weak Password in SQL Server 2012

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
2012sqlweakpasswordserverset

Problem

Hi I'm migrating a database to SQL Server 2012, and I have a problem.

Let me start by saying the application (ISV) has horrible security! So try not to cringe too much.

  • The app logs in with sa authentication.



  • The sa password is hard-coded into the app.



So the sa password on the 2012 instance must match the app login. However, it does not meet the 2012 password requirements.

Is there a way to override this functionality?

Solution

Try

ALTER LOGIN sa
 WITH PASSWORD = 'password',
  CHECK_POLICY = OFF


(I feel dirty now)

In order to mitigate some of the potential horrors this allows, I'd recommend renaming the built-in sa account to something else, then creating a new login called sa with the rights the app actually requires.

Code Snippets

ALTER LOGIN sa
 WITH PASSWORD = 'password',
  CHECK_POLICY = OFF

Context

StackExchange Database Administrators Q#25680, answer score: 14

Revisions (0)

No revisions yet.