
	Home > Ask the SQL Server Experts > Steven Andres - Security Questions & Answers > Creating a SQL Server user authentication schema

Ask The SQL Server Expert: Questions & Answers

EMAIL THIS

Creating a SQL Server user authentication schema

EXPERT RESPONSE FROM: Steven Andres

		Pose a Question

		Other SQL Server Categories

		Meet all SQL Server Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 31 December 2007
How can I generate a SQL Server user authentication/authorization schema (tables/keys/indexes) to support the following requirements:

A user is required to have a login name, first name, last name, and password.

A user password will expire in 90 days.

A user account will be locked after five failed attempts in five minutes.

A locked account will automatically be unlocked 20 minutes after last failed login attempt.

A user can change their password but it cannot be the same as any of the last 10 passwords used.

All data changes have to be tracked and attributable to the person making the changes.

EXPERT RESPONSE
If you are using SQL Server authentication, you will have to put source code in your application to account for "1" and "2". Since SQL Server will be doing the authentication, you won't be able to perform "3" through "6". If you choose to use Windows authentication – more secure with some tradeoffs – you'll be able to set the password complexity and lockout options with a Group Policy Object or Local Security Policy.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	SQL Server security
	Implementing security audit in SQL Server 2008
	Tutorial: Learn SQL Server basics from A-Z
	New security features in SQL Server 2008 leave some work for you
	Can I encrypt and restore a database backup in SQL Server 2005?
	FAQ: How to troubleshoot and grant SQL Server permissions
	Secure SQL Server from SQL injection attacks
	How insiders hack SQL databases with free tools and a little luck
	Sarbanes-Oxley compliance checklist: IT security and SQL audits
	SQL Server source code analysis and management adds database security
	Ten common SQL Server security vulnerabilities you may be overlooking

Steven Andres - Security

Could a join of encrypted SQL Server data have a problem?

SQL Server connection lost when SA password is changed

Code to connect SQL Server 7.0 to Visual Basic 6.0

How to set SQL Server password for SA login

Creating a login in SQL Server 2000 Enterprise Manager

Set SQL Server password on database in version 7.0

Solve SQL Server permissions and authentication problems

Create username and password for new SQL Server database

Recover password in SQL Server 2000

Protect against SQL Injection by whitelisting

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

data corruption (SearchSQLServer.com)

data hiding (SearchSQLServer.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SQL Solutions - SQL Database Design

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2005 - 2008, TechTarget \| Read our Privacy Policy