96 Chapter 3 SQL PASSWORD SECURITY Summary One of the biggest problems in today's IT world is that once you have created your nice secure passwords, how do you track them? Those usernames and passwords are probably going to be documented somewhere, typically within an Excel sheet that is kept on a network share so that all the database administrators within the group have quick and easy access to them. However, by doing this you now have placed all the passwords that you have taken the time to ensure that are strong and secure within your web.config and app.config files are easily readable and usable by anyone who has access to the network share. Typically, not just the database administrators would have access to the network share. In addition to the database administrators, the SAs, backup software, and monitoring system would all have access to the network share. And this is in addition to whoever has found the lost backup tape for your file server. In other words, be sure to store that password list in a nice, safe place and not in the public arena available to everyone to read and network share. References Choosing an Authentication Mode. (n.d.). Microsoft TechNet: Resources for IT Professionals. Connecting to the Database Engine Using Extended Protection. (n.d.). MSDN j Microsoft Development, Subscriptions, Resources, and More.