Change Password

J - 27 Apr 2006 19:07 GMT
I created a SQL login name which I'm specifically intending to use as the
login id that can allow a user to change their own password.  I currently
have this login id permission checked off as 'Security Administrators' in
the Server Roles tab but I noticed by checking this off it gives all of the
other security permissions listed.  Is there a way to only allow this
specific login id to change passwords but not any other security permission?
Can anyone advise if this is a safe practice or should I be doing a
different approach in letting users change their own passwords?
Sue Hoegemeier - 27 Apr 2006 21:47 GMT
No...not a safe practice. Users can change their own
passwords without needing to implement any security changes.
Check Books Online and look up sp_password.
By default, public has execute permissions on this system
stored procedure. Logins that aren't members of sysadmins or
securityadmins can only change their own passwords. That is
what you would want.

-Sue

>I created a SQL login name which I'm specifically intending to use as the
>login id that can allow a user to change their own password.  I currently
[quoted text clipped - 4 lines]
>Can anyone advise if this is a safe practice or should I be doing a
>different approach in letting users change their own passwords?
J - 27 Apr 2006 23:50 GMT
Thanks a bunch for your reply Sue.  I really appreciate it.

When you mean the Public role are you referring to the Public role in my
user defined database or the master database?  I tried to execute
sp_password from my .asp page to change my own password being logged in as a
regular database user and am getting the following error message:

'Only members of the sysadmin role can use the loginame option. The password
was not changed.'

Thanks Sue.

J

> No...not a safe practice. Users can change their own
> passwords without needing to implement any security changes.
[quoted text clipped - 16 lines]
>>Can anyone advise if this is a safe practice or should I be doing a
>>different approach in letting users change their own passwords?
J - 28 Apr 2006 00:31 GMT
Actually I just found out that I just needed to remove the last parameter of
supplying the login id and it worked fine.

Thanks again :-)

J

> Thanks a bunch for your reply Sue.  I really appreciate it.
>
[quoted text clipped - 30 lines]
>>>Can anyone advise if this is a safe practice or should I be doing a
>>>different approach in letting users change their own passwords?
Sue Hoegemeier - 28 Apr 2006 00:36 GMT
No problem...thanks for posting back.

-Sue

>Actually I just found out that I just needed to remove the last parameter of
>supplying the login id and it worked fine.
[quoted text clipped - 37 lines]
>>>>Can anyone advise if this is a safe practice or should I be doing a
>>>>different approach in letting users change their own passwords?
 