Users and Groups

Privilege management in SQL Server is simplified by the use of a number of built-in security roles detailed in this section. It also covers the storage location of database users, and the method used to encrypt users' passwords.

Account Information

All user account information in SQL Server is stored in the sysxlogins table in the master database. The schema used is detailed here (byte sizes are shown in brackets):

srvid smallint(2)
sid varbinary(85)
xstatus smallint(2)
xdate1 datetime(8)
xdate2 datetime(8)
name sysname(128)
password varbinary(256)
dbid smallint(2)
language sysname(128)
isrpcinmap smallint(2)
ishqoutmap smallint(2)
selfoutmap smallint(2)

The accounts created initially during installation are sa (system administrator) and BUILTIN\Administrators, an account that grants system administrator privileges to any Windows account in the Local Administrators group.

Common Accounts

If the server is using native authentication, for convenience or to simplify interaction with other machines in the network, the sa account often has a blank password. In SQL Server 2000 it is somewhat more difficult to set a blank password during the install process than earlier versions, but it is still possible. The sa account usually has no password so that other applications on the network can easily integrate with the SQL Server — powerful logins like sa should always have a complex password set. The SQL Server worm Spida (http://xforce.iss.net/xforce/xfdb/9124), first ...

Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.