Creating a SQL Server user authentication schema

Special Ops Security

Learn how to create a SQL Server user authentication schema having password and tracked data changes requirements and how it involves Windows authentication.

How can I generate a SQL Server user authentication/authorization schema (tables/keys/indexes) to support the following requirements:

Step 2 of 2:

A user is required to have a login name, first name, last name, and password.
A user password will expire in 90 days.
A user account will be locked after five failed attempts in five minutes.
A locked account will automatically be unlocked 20 minutes after last failed login attempt.
A user can change their password but it cannot be the same as any of the last 10 passwords used.
All data changes have to be tracked and attributable to the person making the changes.

If you are using SQL Server authentication, you will have to put source code in your application to account for "1" and "2". Since SQL Server will be doing the authentication, you won't be able to perform "3" through "6". If you choose to use Windows authentication – more secure with some tradeoffs – you'll be able to set the password complexity and lockout options with a Group Policy Object or Local Security Policy.

This was first published in December 2007

This Content Component encountered an error

PRO+

Content

Find more PRO+ content and other member only offers, here.

E-Handbook

Pricing out the new Windows Azure SQL Database

Related Q&A; from Steven Andres

Creating a login in SQL Server 2000 Enterprise Manager

Find how to create a SQL Server 2000 login account and then set user account rights to specific databases with "db_owner."continue reading

Could a join of encrypted SQL Server data have a problem?

When encrypting SQL tables that have joins in SQL Server 2000, learn about possible problems that may arise with different data values in those ...continue reading

SQL Server connection lost when SA password is changed

Learn why SQL Server 2000 connection is lost on the client side when database administrator changes 'SA' password on the SQL Server domain.continue reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our SQL Server experts

View all SQL Server questions and answers

SearchBusinessAnalytics

Big data picture complete with data visualization projects

IT directors at companies that are actively pulling in reams of big data may feel like they have arrived. They've put the tools ...

How to evaluate and select the right BI analytics tool

Expert Rick Sherman has advice for organizations trying to settle on BI analytics tools: Figure out which features are must-haves...

Nate Silver lays out data-driven business strategy

A lack of standards and best practices can hold back businesses from becoming more data-driven, says Nate Silver, founder and ...

SearchDataCenter

TSA packs bags tight with data center consolidation initiative

The TSA is overhauling its IT infrastructure with equipment upgrades, virtualization and cloud as part of a major data center ...

Iceland's data center opportunities and challenges

Data centers in Iceland access a stable power grid and free cooling. But questions still loom about Iceland's available capital ...

How learning Linux jumpstarted my career

Choosing an alternative to Windows 98 and learning Linux -- back in the 90s -- led Jack Wallen to his current career. How did you...

SearchDataManagement

NoSQL technology still prepping for wide enterprise entry

NoSQL database technology is built for processing speed and data flexibility. But it needs a fuller feature set and more skilled ...

Alteryx software targets Amazon big data

The latest Alteryx analytics engine gets enterprises close to Amazon big data, with nods to spreadsheet aficionados and R ...

Evaluating SQL-on-Hadoop tools? Start with the use case

In a Q&A;, Clarity Solution Group CTO Tripp Smith says to base SQL-on-Hadoop software decisions on actual workloads. Some Hadoop ...

SearchAWS

AWS re:Invent 2015 to focus on cloud management, security

Capturing more attention than years past, AWS re:Invent 2015 could see a variety of new tools. Cloud users should keep an eye on ...

New tool uses S3 to reap AWS cost savings

A new company has emerged from stealth with an alternative to AWS Auto Scaling Groups for SMBs in search of EC2 cost saving ...

Docker deployment can work wonders for test and dev

While it might not be a fit in every scenario, AWS support for popular Docker containers can save application developers some ...

SearchOracle

Data sovereignty inspires Oracle action in Canada

Oracle built a new data center in Canada to address data residency and data sovereignty concerns of the country's public sector ...

SolarWinds Database Performance Analyzer gets MySQL support

The latest version of SolarWinds Database Performance Analyzer works with MySQL, giving users of both Oracle and MySQL a common ...

How to make sense of Oracle licenses for VMware environments

Oracle licenses are a tricky subject and Oracle licensing for VMware environments doubly so. Find out about the important ...

SearchContentManagement

Government deployments play up SharePoint pros and cons

SharePoint is widely used in the public sector, and those deployments often emphasize the strengths and weaknesses of the ...

Hyland OnBase manages enterprise content

Hyland OnBase helps organizations manage documents and data to streamline business operations, with specific enhancements for the...

Lexmark's Perceptive ECM tools for content management

To address content management needs for midsize to large enterprises, Lexmark's Perceptive ECM tools are grouped into four ...

SearchWindowsServer

Six must-read Windows security resources for admins

Need to brush up on your Windows security skills, but don't have time to sort through the noise? Consider these six resources as ...

Manage user identity with Windows Azure Active Directory

Azure Active Directory allows admins to manage end-user identities and comes in three versions. Which one depends on your ...

Use a PowerShell script to force logoff an RDP session

When end users remain logged in to an RDP session, it consumes valuable resources. Use this PowerShell script to force users to ...

E-Handbook

Related Q&A; from Steven Andres

Have a question for an expert?

0 comments

E-Mail

Username / Password

Password

Forgot Password?

Your password has been sent to: