• Repost - originally posted 20-05-2012

Changing the sa login for improved security


This is just a simple tip to improve the security of your SQL Server installation.

If you can, rename the sa login. The new name can be as simple as XXX_sa. This stops anybody trying to break in using the well-known sa login name. It may be difficult on existing installations, but your applications should not be using any account with full sysadmin privileges. Renaming is a way of forcing those applications to change to their own logins with fewer privileges. At most, an application login should be the dbo of its database, preferably with fewer privileges than that.

Another method for achieving this improved security is to disable the sa login entirely. If you are going to do this, remember to have at least one login with full sysadmin privileges - as you never know when you will need it.

If you rename the sa login, you can always create a 'dummy' sa login. This could be used as a honeypot, or for placating vendors, developers, etc. who think they need the sa login but in reality could use a less privileged login.
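The steps above as T-SQL, in the order that keeps you from locking yourself out. This is an added example, not code from the original post; XXX_sa is the post's sample name and the dummy login's password is a placeholder you must replace.

```sql
-- Added example. Run as a sysadmin that is NOT sa, so the session
-- survives the rename/disable.

-- 1. Confirm at least one other enabled login holds sysadmin.
--    The built-in sa always has SID 0x01, whatever its name.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND p.sid <> 0x01
  AND p.is_disabled = 0;

-- 2. Rename the built-in login (sample name from the post).
ALTER LOGIN [sa] WITH NAME = [XXX_sa];

-- 3. Optional alternative or addition: disable it entirely.
ALTER LOGIN [XXX_sa] DISABLE;

-- 4. Create the dummy 'sa'. It gets a new SID and no server role
--    membership beyond public. The password below is a placeholder.
CREATE LOGIN [sa]
    WITH PASSWORD = N'<replace-with-long-random-password>',
         CHECK_POLICY = ON;

-- 5. Verify: the row with SID 0x01 is the real (renamed) login;
--    the row named 'sa' must show is_sysadmin = 0.
SELECT name,
       sid,
       is_disabled,
       IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin
FROM sys.server_principals
WHERE sid = 0x01 OR name = N'sa';
```

Scripts that need to find the real account after the rename should look it up by SID 0x01 rather than by name.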

