x

retrieve sa password in sql2005

Hi All

I have a software developed by someone using sql2005 as backend

Now i have to develop a new software which retrieve some data from existing Database

now my developer want the password of sa, we cant reset sa password , because if we reset the sa password the older software will stop working

Please help

thank you

more ▼

asked Jan 04, 2010 at 06:21 AM in Default

Manoj Dani gravatar image

Manoj Dani
31 1 1 1

Did you check the configuration file for the "older software"? The software probably stores the sa password somewhere so it can make its own database connection.
Jan 05, 2010 at 11:57 PM KenJ
(comments are locked)
10|1200 characters needed characters left

4 answers: sort voted first

If you just want to write a new application to interact with the database, then your best choice is to create a new user. Setting up applications to interact with the database using the sa account is a hugely bad practice.

more ▼

answered Jan 04, 2010 at 06:29 AM

Matt Whitfield gravatar image

Matt Whitfield ♦♦
29.4k 61 65 87

Adding a new user is probably the best way to go. Also, for security reasons it is generally wise to give application accounts (actually all accounts, but especially application accounts) the minimum permissions they need to do their work. That is very rarely fully administrative rights.
Jan 04, 2010 at 09:08 PM TimothyAWiseman
(comments are locked)
10|1200 characters needed characters left

You can't reverse-engineer it. Run SSMS as a Windows account that is in the Administrators group on the Windows server hosting SQL. Then you will be able to connect to SQL with sysadmin rights, and be able to grant access to developer's login.

more ▼

answered Jan 04, 2010 at 06:30 AM

Rob Farley gravatar image

Rob Farley
5.7k 16 18 20

(comments are locked)
10|1200 characters needed characters left

You cannot retrieve the 'sa' password. That's a security feature, by design. If you've lost it, you'll need to change it. If an app was written using it, I would very strongly advise you to get that app changed. That is one of the primary means of hackers and viruses to steal or corrupt your data. I'll bet that app uses inline dynamic sql as well doesn't it?

more ▼

answered Jan 04, 2010 at 10:43 AM

Grant Fritchey gravatar image

Grant Fritchey ♦♦
101k 19 21 74

(comments are locked)
10|1200 characters needed characters left

Like Matt said, the best solution is to create another user. Sooner or later an auditor will force you to forgo all use of sa

or

If the connection is not encrypted, run WireShark and sniff the password off the network. This probably violates your network security policy, so check first (grin). Start a capture and run your app that connects to the db. Look for the tabular data stream packets. There will be a login packet. In the packet details window you will see something like this:

 Login Packet Header Lengths and offsets Client Name: ADMIN-PC Username: sa Password: SSC App Name: .Net SqlClient Data Provider Server Name: 192.168.1.102 Library Name: .Net SqlClient Data Provider Database Name: NFL 
more ▼

answered Jan 05, 2010 at 11:44 PM

Scot Hauder 6 gravatar image

Scot Hauder 6
11

(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

New code box

There's a new way to format code on the site - the red speech bubble logo will automatically format T-SQL for you. The original code box is still there for XML, etc. More details here.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x1948
x162
x18

asked: Jan 04, 2010 at 06:21 AM

Seen: 4361 times

Last Updated: Aug 05 at 03:06 AM