Reputation: 4184
SQL Server 2008 Mixed Mixed Mode Security?
We are setting up a SQL Server 2008 Standard edition on a Web Server for the first time. We normally have our SQL Server on our local Intranet and only use windows authentication.
What is the best practise authentication mode for a web server? Can I use Mixed mode without any security worries?
Upvotes: 1
Views: 1851
Answers (2)
Reputation: 41819
Although you will be just fine using Mixed Mode Authentication, if all of your servers are within the same domain then you should strongly consider using Windows Authentication only.
The recommended best practice is to use Windows Authentication, unless specifically necessary to do otherwise.
See SQL Server Books Online and in particular the security note "When possible, use Windows Authentication":
http://msdn.microsoft.com/en-us/library/ms144284.aspx
Upvotes: 3
Reputation: 432210
Yes, as long as you don't use "sa" for the app and you set the "sa" password here very, very strong. (Or rename "sa" and create a dummy "sa" account).
Most shops use mixed mode because web servers, firewalls, cross-domain issues, 3rd party apps etc all conspire to prevent windows authentication only
Upvotes: 3
Related Questions
- SQL Server : Security User Login
- SQL Server Windows Authentication Security
- SQL Server Integrated Authentication Mode
- SQL Server 2005 mixed mode authentication
- How to secure SQL Server Management Studtio
- New SQL Server Install Mixed Mode authentication not allowing Windows Authentication
- SQL Server Authentication
- SQL authentication in SQL Server 2008
- sql server authentication user
- SQL Server authentication in SQL Server 2008