retrieve sa password in sql2005

Hi All

I have a software developed by someone using sql2005 as backend

Now i have to develop a new software which retrieve some data from existing Database

now my developer want the password of sa, we cant reset sa password , because if we reset the sa password the older software will stop working

Please help

thank you

asked Jan 04 '10 at 06:21 AM in Default

Manoj Dani
31 ● 1 ● 1 ● 1

Did you check the configuration file for the "older software"? The software probably stores the sa password somewhere so it can make its own database connection.

Jan 05 '10 at 11:57 PM KenJ

(comments are locked)

4 answers:

If you just want to write a new application to interact with the database, then your best choice is to create a new user. Setting up applications to interact with the database using the sa account is a hugely bad practice.

answered Jan 04 '10 at 06:29 AM

Matt Whitfield ♦♦
29.2k ● 56 ● 63 ● 87

Adding a new user is probably the best way to go. Also, for security reasons it is generally wise to give application accounts (actually all accounts, but especially application accounts) the minimum permissions they need to do their work. That is very rarely fully administrative rights.

Jan 04 '10 at 09:08 PM TimothyAWiseman

(comments are locked)

You can't reverse-engineer it. Run SSMS as a Windows account that is in the Administrators group on the Windows server hosting SQL. Then you will be able to connect to SQL with sysadmin rights, and be able to grant access to developer's login.

answered Jan 04 '10 at 06:30 AM

Rob Farley
5.7k ● 13 ● 17 ● 19

(comments are locked)

You cannot retrieve the 'sa' password. That's a security feature, by design. If you've lost it, you'll need to change it. If an app was written using it, I would very strongly advise you to get that app changed. That is one of the primary means of hackers and viruses to steal or corrupt your data. I'll bet that app uses inline dynamic sql as well doesn't it?

answered Jan 04 '10 at 10:43 AM

Grant Fritchey ♦♦
61.5k ● 12 ● 19 ● 66

(comments are locked)

Like Matt said, the best solution is to create another user. Sooner or later an auditor will force you to forgo all use of sa

If the connection is not encrypted, run WireShark and sniff the password off the network. This probably violates your network security policy, so check first (grin). Start a capture and run your app that connects to the db. Look for the tabular data stream packets. There will be a login packet. In the packet details window you will see something like this:

Login Packet Header
Lengths and offsets
Client Name: ADMIN-PC
Username: sa
Password: SSC
App Name: .Net SqlClient Data Provider
Server Name: 192.168.1.102
Library Name: .Net SqlClient Data Provider
Database Name: NFL

answered Jan 05 '10 at 11:44 PM