Compare Report Summary - Showing user passwords
ESG
Posts: 2
Hi,
I have just installed the trial version of SQL Compare - very impressive.
Anyway, I copied a database so that I know that I'm dealing with two identical DBs to begin with. When I view the Summary Report where it lists the user is lists the following code:
== -- User == IF NOT EXISTS (SELECT * FROM master.dbo.syslogins WHERE loginname = N'username')
== exec sp_addlogin N'username', 'password'
== GO
== sp_grantdbaccess N'username', N'username'
== GO
==
Is the password shown a generic password allocated by SQL Compare? With the intention of the DBA then going in and resetting passwords. Or are the passwords listed the actual passwords (I am new to this orgnasation, and the possibility that all the users have the same password is very possible - this server is not in production yet).
I will be sharing these reports with others in the project, as we will be using it to document updates etc provided by the developers (long story, don't ask!). Anyway, I am not happy about the user passwords being listed in plain text in the report.
I have had a look at the SQL Compare Help, but there is nothing at all that I can see about users & passwords.
Can anyone shed any light on this for me?
Thanks
ESG
I have just installed the trial version of SQL Compare - very impressive.
Anyway, I copied a database so that I know that I'm dealing with two identical DBs to begin with. When I view the Summary Report where it lists the user is lists the following code:
== -- User == IF NOT EXISTS (SELECT * FROM master.dbo.syslogins WHERE loginname = N'username')
== exec sp_addlogin N'username', 'password'
== GO
== sp_grantdbaccess N'username', N'username'
== GO
==
Is the password shown a generic password allocated by SQL Compare? With the intention of the DBA then going in and resetting passwords. Or are the passwords listed the actual passwords (I am new to this orgnasation, and the possibility that all the users have the same password is very possible - this server is not in production yet).
I will be sharing these reports with others in the project, as we will be using it to document updates etc provided by the developers (long story, don't ask!). Anyway, I am not happy about the user passwords being listed in plain text in the report.
I have had a look at the SQL Compare Help, but there is nothing at all that I can see about users & passwords.
Can anyone shed any light on this for me?
Thanks
ESG
Comments
Hi,
The password in question is one that is set by SQL Compare. If a user does not exist in the target database, we will generate a script that will create this user, with the password we specify ("p@ssw0rd"). We do give a warning about this, so it is worth to have a look at them. The warning also serves as a reminder, that wile we do create a user to ensure that the migration succeeds, idealy users should be migrated manually in a way that complies with the organization's security policy (if there is one ). This is especially important in case of SQL Server 2005 which has a few extra aurthorization options for users (such as certificate or key based users).
Regards,
Andras
Red Gate Software Ltd.