How can we help you today? How can we help you today?

Error Code 850 with PASSWORD parameter

Peter,

I just noticed that the value of the PASSWORD parameter shows up in plain text for both the LOG_ONERRORONLY and MAILTO_ONERRORONLY destinations when the SQL Backup command generates an error code of 850. Conversely, for example, when the command generates an error code of 600, the value for the PASSWORD parameter is masked ( PASSWORD = 'XXXXXXXXXX') by the logging mechanism.'

This seems to represent a possible security problem. Also, I would be happy to email the specifics to you directly if that would help.

Regards,

-Mike Eastland
meastland
0

Comments

2 comments

Sort by
  • Chris Auckland
    Thanks for your post and I hope you don't mind me replying on Peter's behalf.

    I agree that having the password in the error log probably isn't very safe. However, you can supply the backup password encrypted. e.g.

    PASSWORD = ''<ENCRYPTEDPASSWORD>o5Y6c8LmZGHkzaw=</ENCRYPTEDPASSWORD>''

    This encrypted string can be created when you generate the job script through the GUI. This is also preferable to storing the non encrypted password in the SQL Agent job.
    Chris Auckland
    0
  • petey
    Patch 6.5.2.6 addresses this issue somewhat. When there is a syntax error, we can't really tell for sure which element represents what, so this is only a best guess as to where the password lies.

    You can download the patch from here:

    ftp://support.red-gate.com/Patches/sql_ ... _5_2_6.zip
    petey
    0

Add comment

Please sign in to leave a comment.