mibuso.com
Home SQL General

Sql server user-check for identical password

akmanakman Member Posts: 67
edited 2008-09-04 in SQL General
Hello everybody,

A customer of mine has NAV 5 with the sql server option (sql 2005), and he needs this check:
Every time a user changes his password, he must not use a password he already had used in the past.
The problem is that I don't know how to do that. In sql server I don't think there is something, and it seems that password for sql users are not stored in NAV.

I hope that someone can help me [-o< ...
Thanks in advance!

Comments

  • DenSterDenSter Member Posts: 8,307
    For database logins you'd have to develop something. You could use Windows Authentication instead, and then it is controlled by Windows.
    Daniel Rimmelzwaan
    RIS Plus, LLC
  • krikikriki Member, Moderator Posts: 9,112
    [Topic moved from Navision forum to SQL General forum]
    Regards,Alain Krikilion
    No PM,please use the forum. || May the <SOLVED>-attribute be in your title!

  • akmanakman Member Posts: 67
    Can you help me with the database logins solution?
  • DenSterDenSter Member Posts: 8,307
    It depends entirely on your functional requirements what you want to do. There are login functions in codeunit 1 that you would probably look at adding some code to check for passwords. Come to think of it, it might not be all that easy. The thing that makes it difficult is that the password is stored as part of the SQL Server authentication, and you will probably not be able to decrypt the values.

    Is there any particular reason you don't want to use Windows authentication? That already has this functionality in it, and you won't have to develop anything.
    Daniel Rimmelzwaan
    RIS Plus, LLC
  • akmanakman Member Posts: 67
    The customer didn't accept the windows authentication solution...
  • bbrownbbrown Member Posts: 3,268
    SQL 2005 supports the enforcement of password policies for SQL Server (database) authentication. The issue wil be that the NAV client will not pass appropriate message to the user.

    I would consider Windows Authentication as the preferred solution. What is the customer's resistance? They may have a valid reason that I'm not thinking about.
    There are no bugs - only undocumented features.
  • akmanakman Member Posts: 67
    bbrown wrote:
    SQL 2005 supports the enforcement of password policies for SQL Server (database) authentication. The issue wil be that the NAV client will not pass appropriate message to the user.

    Sql supports not to use the same password twice? Can you tell me how?
  • bbrownbbrown Member Posts: 3,268
    akman wrote:
    bbrown wrote:
    SQL 2005 supports the enforcement of password policies for SQL Server (database) authentication. The issue wil be that the NAV client will not pass appropriate message to the user.

    Sql supports not to use the same password twice? Can you tell me how?

    Leave the "enforce password policy" and "enforce password expiration" boxes checked on the SQL logins. This uses the Windows password policy for the local computer (server).

    As I said, the issue here will be that the user does not get the appropriate messages thru the NAV client. For example, they will never receive the warnings that their password is going to expire. Just one day they will not be able to login.
    There are no bugs - only undocumented features.
Sign In or Register to comment.