Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SQL Server 2008: should I be using Windows auth or SQL Server auth?

I have an MS-Access 2007 front end. I will have multiple users on it. They are all going to be on the network company domain. Should I be using Windows authentication or SQL Server authentication to be connecting to SQL Server 2008 via ODBC?

like image 431
Alex Gordon Avatar asked Oct 22 '10 17:10

Alex Gordon


People also ask

Is Windows authentication better than SQL Server authentication?

Connecting Through Windows Authentication This means that the user identity is confirmed by Windows. SQL Server does not ask for the password, and does not perform the identity validation. Windows Authentication is the default authentication mode, and is much more secure than SQL Server Authentication.

Why is Windows authentication the preferred authentication method?

Windows authentication is the recommended authentication method for SQL Server because it is superior to Mixed mode because the user does not need to learn yet another password, and because it leverages the security design of the network.

What is the difference between Windows authentication and mixed mode authentication?

There are two possible modes: Windows Authentication mode and mixed mode. Windows Authentication mode enables Windows Authentication and disables SQL Server Authentication. Mixed mode enables both Windows Authentication and SQL Server Authentication. Windows Authentication is always available and cannot be disabled.

What is SQL Server Windows authentication?

Windows authentication uses a series of encrypted messages to authenticate users in SQL Server. When SQL Server logins are used, SQL Server login names and encrypted passwords are passed across the network, which makes them less secure.


1 Answers

Windows auth will allow a more seamless authentication process, single sign on!

From the below article:

Disadvantages of SQL Server Authentication

  • If a user is a Windows domain user who has a login and password for Windows, he must still provide another (SQL Server) login and password to connect. Keeping track of multiple names and passwords is difficult for many users. Having to provide SQL Server credentials every time that one connects to the database can be annoying.
  • SQL Server Authentication cannot use Kerberos security protocol.
  • Windows offers additional password policies that are not available for SQL Server logins.

Advantages of SQL Server Authentication

  • Allows SQL Server to support older applications and applications provided by third parties that require SQL Server Authentication.
  • Allows SQL Server to support environments with mixed operating systems, where all users are not authenticated by a Windows domain.
  • Allows users to connect from unknown or untrusted domains. For instance, an application where established customers connect with assigned SQL Server logins to receive the status of their orders.
  • Allows SQL Server to support Web-based applications where users create their own identities.
  • Allows software developers to distribute their applications by using a complex permission hierarchy based on known, preset SQL Server logins.

Here is a good article on the pro's/con's for each. http://technet.microsoft.com/en-us/library/ms144284.aspx

like image 194
Dustin Laine Avatar answered Sep 30 '22 08:09

Dustin Laine