Password file (?)
Posted on 2005-05-12
Our security guy just asked me for one of the server's "password file". He's legit. He wants to make sure all the SQL Server Authentication logins are using strong passwords. Password file? There's someplace in SS that stores the passwords unencrypted???? (BTW, if y'all tell me there is, you'll surprise the h**l out of me).
Encrypted, I can buy that. He says he can crack it. That makes me uneasy. Heck, I guess anyone can crack anything, but I sure don't want to have to worry about a system table that someone can crack that easily.
But where does SS store its encrypted password info? I suppose I can look in BOL, but I wanted to hear some expert commentary on this.