retrieve sa password in sql2005

Hi All

I have a software developed by someone using sql2005 as backend

Now i have to develop a new software which retrieve some data from existing Database

now my developer want the password of sa, we cant reset sa password , because if we reset the sa password the older software will stop working

Please help

thank you

more ▼

asked Jan 04, 2010 at 06:21 AM in Default

avatar image

Manoj Dani
31 1 1 1

Did you check the configuration file for the "older software"? The software probably stores the sa password somewhere so it can make its own database connection.

Jan 05, 2010 at 11:57 PM KenJ
(comments are locked)
10|1200 characters needed characters left

4 answers: sort voted first

If you just want to write a new application to interact with the database, then your best choice is to create a new user. Setting up applications to interact with the database using the sa account is a hugely bad practice.

more ▼

answered Jan 04, 2010 at 06:29 AM

avatar image

Matt Whitfield ♦♦
29.5k 62 66 88

Adding a new user is probably the best way to go. Also, for security reasons it is generally wise to give application accounts (actually all accounts, but especially application accounts) the minimum permissions they need to do their work. That is very rarely fully administrative rights.

Jan 04, 2010 at 09:08 PM TimothyAWiseman
(comments are locked)
10|1200 characters needed characters left

You can't reverse-engineer it. Run SSMS as a Windows account that is in the Administrators group on the Windows server hosting SQL. Then you will be able to connect to SQL with sysadmin rights, and be able to grant access to developer's login.

more ▼

answered Jan 04, 2010 at 06:30 AM

avatar image

Rob Farley
5.8k 16 22 28

(comments are locked)
10|1200 characters needed characters left

You cannot retrieve the 'sa' password. That's a security feature, by design. If you've lost it, you'll need to change it. If an app was written using it, I would very strongly advise you to get that app changed. That is one of the primary means of hackers and viruses to steal or corrupt your data. I'll bet that app uses inline dynamic sql as well doesn't it?

more ▼

answered Jan 04, 2010 at 10:43 AM

avatar image

Grant Fritchey ♦♦
137k 20 47 81

(comments are locked)
10|1200 characters needed characters left

Like Matt said, the best solution is to create another user. Sooner or later an auditor will force you to forgo all use of sa


If the connection is not encrypted, run WireShark and sniff the password off the network. This probably violates your network security policy, so check first (grin). Start a capture and run your app that connects to the db. Look for the tabular data stream packets. There will be a login packet. In the packet details window you will see something like this:

Login Packet Header
Lengths and offsets
Client Name: ADMIN-PC
Username: sa
Password: SSC
App Name: .Net SqlClient Data Provider
Server Name:
Library Name: .Net SqlClient Data Provider
Database Name: NFL

more ▼

answered Jan 05, 2010 at 11:44 PM

avatar image

Scot Hauder 6

(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.



asked: Jan 04, 2010 at 06:21 AM

Seen: 6053 times

Last Updated: Aug 05, 2014 at 03:06 AM

Copyright 2018 Redgate Software. Privacy Policy