Compare Report Summary - Showing user passwords

ESGESG Posts: 2
edited February 17, 2006 5:21AM in SQL Compare Previous Versions
Hi,

I have just installed the trial version of SQL Compare - very impressive.

Anyway, I copied a database so that I know that I'm dealing with two identical DBs to begin with. When I view the Summary Report where it lists the user is lists the following code:

== -- User == IF NOT EXISTS (SELECT * FROM master.dbo.syslogins WHERE loginname = N'username')
== exec sp_addlogin N'username', 'password'
== GO
== sp_grantdbaccess N'username', N'username'
== GO
==

Is the password shown a generic password allocated by SQL Compare? With the intention of the DBA then going in and resetting passwords. Or are the passwords listed the actual passwords (I am new to this orgnasation, and the possibility that all the users have the same password is very possible - this server is not in production yet).

I will be sharing these reports with others in the project, as we will be using it to document updates etc provided by the developers (long story, don't ask!). Anyway, I am not happy about the user passwords being listed in plain text in the report.

I have had a look at the SQL Compare Help, but there is nothing at all that I can see about users & passwords.

Can anyone shed any light on this for me?

Thanks
ESG :)

Comments

  • ESG wrote:
    Hi,

    I have just installed the trial version of SQL Compare - very impressive.

    Anyway, I copied a database so that I know that I'm dealing with two identical DBs to begin with. When I view the Summary Report where it lists the user is lists the following code:

    == -- User == IF NOT EXISTS (SELECT * FROM master.dbo.syslogins WHERE loginname = N'username')
    == exec sp_addlogin N'username', 'password'
    == GO
    == sp_grantdbaccess N'username', N'username'
    == GO
    ==

    Is the password shown a generic password allocated by SQL Compare? With the intention of the DBA then going in and resetting passwords. Or are the passwords listed the actual passwords (I am new to this orgnasation, and the possibility that all the users have the same password is very possible - this server is not in production yet).

    I will be sharing these reports with others in the project, as we will be using it to document updates etc provided by the developers (long story, don't ask!). Anyway, I am not happy about the user passwords being listed in plain text in the report.

    I have had a look at the SQL Compare Help, but there is nothing at all that I can see about users & passwords.

    Can anyone shed any light on this for me?

    Thanks
    ESG :)

    Hi,
    The password in question is one that is set by SQL Compare. If a user does not exist in the target database, we will generate a script that will create this user, with the password we specify ("p@ssw0rd"). We do give a warning about this, so it is worth to have a look at them. The warning also serves as a reminder, that wile we do create a user to ensure that the migration succeeds, idealy users should be migrated manually in a way that complies with the organization's security policy (if there is one :)). This is especially important in case of SQL Server 2005 which has a few extra aurthorization options for users (such as certificate or key based users).

    Regards,
    Andras
    András Belokosztolszki, PhD
    Red Gate Software Ltd.
Sign In or Register to comment.