Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > comp.databases.ms-sqlserver > #2264
| Path | csiph.com!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail |
|---|---|
| From | Anton Shepelev <anton.txt@g{oogle}mail.com> |
| Newsgroups | comp.databases.ms-sqlserver |
| Subject | Re: Determine what password is used during a login attempt |
| Date | Thu, 6 Mar 2025 13:35:18 +0300 |
| Organization | A noiseless patient Spider |
| Lines | 34 |
| Message-ID | <20250306133518.75149761831624191f3d21bd@g{oogle}mail.com> (permalink) |
| References | <20250305142848.fc47cf2469d2b8e8a1b6675d@g{oogle}mail.com> <XnsB299CAB9E3DDFYazorman@127.0.0.1> |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset=US-ASCII |
| Content-Transfer-Encoding | 7bit |
| Injection-Date | Thu, 06 Mar 2025 11:35:23 +0100 (CET) |
| Injection-Info | dont-email.me; posting-host="b9515c2948ff43ae875e80ba7a48b143"; logging-data="3097178"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Yy2vVlOUqCn34AhV4ZrvL1bvUFkht3Gs=" |
| Cancel-Lock | sha1:e7XXE/T0K033Gc6t9j8HCG3+POw= |
| X-Newsreader | Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32) |
| Xref | csiph.com comp.databases.ms-sqlserver:2264 |
Show key headers only | View raw
Erland Sommarskog to Anton Shepelev: > > Hello, all > > Yeah "all", it's soooo crowded here. :-) According to the statistics, it is quite crowded -- 100% of questions in this newsgroup receive a meaningful answer from an MSSQL expert. How many forums can boast of that? You could mention this group in the SQL section of your website, or in your contacts, to remind the readers that Usenet lives on. > > Is it possible determine the password it tries to use, > > if we have full admin access to that database (and the > > entire server) under the 'sa' user? > > No. It's an encrypted hash. If it was reversible that > would be a major security issue. So, only password hashes are sent from client to server? Makes sense. I had a withering weak hope, however, that a complete administrator access to the server would let me do something about it. We all wish security were weaker when dealing with the aftermath of bugs or poor work discipline, and wish it were stronger every time our system was hacked and encrypted by ransomware. -- () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments
Back to comp.databases.ms-sqlserver | Previous | Next — Previous in thread | Find similar
Determine what password is used during a login attempt Anton Shepelev <anton.txt@g{oogle}mail.com> - 2025-03-05 14:28 +0300
Re: Determine what password is used during a login attempt Erland Sommarskog <esquel@sommarskog.se> - 2025-03-05 19:55 +0100
Re: Determine what password is used during a login attempt Anton Shepelev <anton.txt@g{oogle}mail.com> - 2025-03-06 13:35 +0300
csiph-web