Security Rules

Security Rules

SQL Server 2000

  New Information - SQL Server 2000 SP3.

Microsoft® SQL Server™ logins, users, roles, and passwords can contain from 1 through 128 characters, including letters, symbols, and digits, (for example Andrew-Fuller, Margaret Peacock, or 13&#57abc). Therefore, Microsoft Windows NT® 4.0, Microsoft Windows® 2000, or Microsoft Windows 98 user names can be used as SQL Server logins.

However, because logins, user names, roles, and passwords are often used in Transact-SQL statements, certain symbols must be delimited with double quotation marks ("), or square brackets ([ ]). Use delimiters in Transact-SQL statements when the SQL Server login, user, role, or password:

  • Contains, or begins with, a space character.

  • Begins with the $ or @ character.

    Note  It is not necessary to specify delimiters when entering logins, users, roles, and passwords into the text boxes of the SQL Server graphical client tools, such as SQL Server Enterprise Manager.

Additionally, a SQL Server login, user, or role cannot:

  • Contain a backslash (\) character, unless referring to an existing Windows NT 4.0 or Windows 2000 user or group. The backslash separates the Windows NT 4.0 or Windows 2000 computer or domain name from the user name.

  • Already exist in the current database (or master, for logins only).

  • Be NULL, or an empty string ("").

If used in an OLE DB or ODBC connection string, a login or password must not contain the following characters: []{}(),;?*! @. These characters are used to either initialize the connection or separate connection values.

Security Note  Use strong passwords. A strong password makes it more difficult for unauthorized users to break into a system by cracking the password. A strong password is at least seven characters long; contains a combination of letters, numbers, and symbol characters within the password; and is not a dictionary word, command name, person's name, or system user name. A strong password also is updated regularly and is significantly different from previous passwords.

SQL Server user names and passwords must follow the rules above when used in Transact-SQL statements and connection strings.

See Also

Delimited Identifiers

© 2016 Microsoft