Thursday, February 16, 2012

can Password be hacked?

Can password be hacked? Because my friend ever say, there is a software can
hack SQL Server. Is it true? If yes, how to avoid from hacker? and What name
program that can do it?
which is more secure, use login with "Windows authentication" or "SQL
authentication"?Hi
Any server may be open to a brute force attack, and therefore ensuring
strong passwords is essential. Auditing login failures therefore important.
The main problem in the past has been that passwords have not been mandatory
,
therefore making it easy for someone to obtain access.
Windows authentication is more secure.
This may help:
http://www.microsoft.com/technet/pr...n/sp3sec01.mspx
John
"Bpk. Adi Wira Kusuma" wrote:

> Can password be hacked? Because my friend ever say, there is a software ca
n
> hack SQL Server. Is it true? If yes, how to avoid from hacker? and What na
me
> program that can do it?
> which is more secure, use login with "Windows authentication" or "SQL
> authentication"?
>
>|||Windows Authentication is recognized as the more secure option and is
recommended wherever possible. It's as secure as Windows is but there's no
such thing as absolute security.
David Portas
SQL Server MVP
--|||> Can password be hacked? Because my friend ever say, there is a software can
> hack SQL Server. Is it true? If yes, how to avoid from hacker? and What na
me
> program that can do it?
In theory, all passwords of any kind can be hacked. The real question "Can t
he
password be hacked in a timely fashion such that it is still useful?" What m
akes
SQL users weaker as a security structure than Windows Authentication has not
hing
to do with the encryption scheme. It has to do with other featuers like
disabling passwords after a specified number of attempts, requiring password
periodic password changes, logging failed password attempts and most
importantly, not sending the username and password in the clear to authentic
ate.
Some of these issues have been addressed in SQL 2005.

> which is more secure, use login with "Windows authentication" or "SQL
> authentication"?
Windows authentication is far more secure than SQL authentication.
Thomas

No comments:

Post a Comment