Hey, I have DB settings in web.config as follows:
<connectionStrings>
<add name="DBConnectionString" connectionString="server=serverName;database=dbName;user=dbuser;pwd=dbpass;MultipleActiveResultSets=True;" providerName="System.Data.SqlClient" />
</connectionStrings>
What's the best practice for the username and password? Is it best to just make up a stronger password, i.e. Iu5jku23, something like that?
And then in SQL Server 2008, what are the best settings for the user? At the moment my SQL user has
db_datareader db_datawriter db_owner db_securityadmin db_accessadmin
Any ones I should remove?
Examples of Strong SQL Server passwords:
user’s account name
length
three of the following categories:
through Z)
through z)
example: !, $, #, %)
As far as setting permissions, it really depends on how granular you want to get and how limited you want your attack surface area to be.
Setting db_owner basically allows that user to do anything. So if this particular “account” only needs to read data and show it on a webpage, then datareader would be your best, most secure choice.
So, as with most things, it depends on what you are doing.
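The role cleanup discussed above, as an added T-SQL example that is not part of the original thread. It uses the placeholder names dbName and dbuser from the question's connection string and assumes the site only reads data; `sp_droprolemember` is used because it is the syntax available on SQL Server 2008.

```sql
-- Added example, not from the thread. dbName and dbuser are the
-- placeholders from the question's connection string.
USE dbName;
GO

-- 1. Audit: list every database role the application user currently holds.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'dbuser'
ORDER BY r.name;
GO

-- 2. Remove the administrative roles. db_owner alone already implies
--    everything the other four roles grant, so it goes first.
EXEC sp_droprolemember N'db_owner',         N'dbuser';
EXEC sp_droprolemember N'db_securityadmin', N'dbuser';  -- manages roles and permissions
EXEC sp_droprolemember N'db_accessadmin',   N'dbuser';  -- adds and removes database users
GO

-- 3. Assumption: the site only displays data. If it also inserts or
--    updates rows, skip this step and keep db_datawriter.
EXEC sp_droprolemember N'db_datawriter', N'dbuser';
GO

-- 4. Verify: impersonate the user and list its effective database-level
--    permissions. After the steps above, CONTROL and ALTER ANY USER should
--    no longer appear; SELECT should remain via db_datareader.
EXECUTE AS USER = N'dbuser';
SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;
REVERT;
GO
```

Run it as a login that is itself db_owner or sysadmin, and re-test the site afterwards, since any page that relied on the removed roles will start failing with permission errors.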