Tuesday, April 03, 2007

Changing SQL Server Passwords

Most security experts recommendations include changing passwords frequently to enhance security. It is easy to change the password on a SQL Server Username via Query Analyzer. Changing the password with Query Analyzer makes it easy to coordinate changing the password on the database server at the same time as it is changed in the connection string. This approach provides the flexibility to change the password at the most appropriate time for the application.

To change the SQL Server Username password, just connect to the database with Query Analyzer using the SQL Server Username that is being updated and the current password. Then run "sp_password" to change the password.

Here is a simple example that changes the current password from "current_password" to "new_password" :

sp_password 'current_password', 'new_password'

If your first SQL Server installation use a blank password then you need this way to change the SQL Server password :

sp_password NULL, 'new_password'

Be sure to use a strong password, "new_password" is just an example. For a quick test to confirm that the new password is working, close Query Analyzer and then re-connect with the new password. That is all there is to it, except for changing your connections string. It is obvious, but still critical to remember to change the password in your connection string if this SQL Username is used in your code. Once the password has been changed and tested with Query Analyzer, update the connection string with the new password and test that everything still works correctly, and you're done.

No comments: