Blank Password Policy problem

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • crazyone
    #1

    Blank Password Policy problem

    Hi all,

    We recently started to receive complaints about our install project not
    working and giving and shitload of error messages related to SQL. We
    later found out that the problem was the users we were trying to bind
    to we're not created because of the domain password policy feature
    implemented into SQL Server 2005.

    After much dabbling around the SQL scripts that created the database
    structure, we came to the conclusion that only this piece of code could
    correct our problem :

    CREATE LOGIN mynewuser WITH PASSWORD = '', CHECK_POLICY = OFF,
    CHECK_EXPIRATIO N = OFF

    This runs perfectly fine on SQL2005, but not on SQL2000. We have been
    searching for a way to have code in SQL files executed on install that
    doesn't fail to compile when run against the server and that will
    bypass the password policy in case it's a SQL Server 2005...

    Right now we are testing a feature available in MSI that can filter
    scripts not matching a database version, but the problem with this, is
    that we are missing a lot of features that InstallShield has. In short,
    we need Help to fix this issue and be able to continue with
    development.

    In hopes to receive a a prompt anwser

    Tags: None
    • crazyone
      #2
      Re: Blank Password Policy problem

      Oh and by the way, the SQL2000 code we use is the following:

      exec sp_addlogin N'mynewuser', null, @logindb, @loginlang

      PS : @logindb and @loginlang are valid variables that contain correct
      info for this SP to work

        Comment

        • David Portas
          #3
          Re: Blank Password Policy problem

          crazyone wrote:
          Oh and by the way, the SQL2000 code we use is the following:
          >
          exec sp_addlogin N'mynewuser', null, @logindb, @loginlang
          >
          PS : @logindb and @loginlang are valid variables that contain correct
          info for this SP to work

          Why not just set a sensible password to start with? The same password
          for each login if you like (anything must be better than a blank
          password). Have you ever had a security audit?

          Otherwise I think having two versions of your code may be your only
          option.

          --
          David Portas, SQL Server MVP

          Whenever possible please post enough code to reproduce your problem.
          Including CREATE TABLE and INSERT statements usually helps.
          State what version of SQL Server you are using and specify the content
          of any error messages.

          SQL Server Books Online:
          Books Online
          http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx

          --

            Comment

            • crazyone
              #4
              Re: Blank Password Policy problem

              My boss produced the code linking to the database with THAT user, it's
              a read-only user but doesn't have password. I don't feel it's safe too,
              but my boss doesn't want to recode the app to change the password, but
              he does want me to spend (up to now) 20 hours to remake the install
              software and the sql scripts... strange no?

                Comment

                Previous template Next
                Working...