COMMAND

    SQL

SYSTEMS AFFECTED

    MS SQL Server 6.0 and 6.5

PROBLEM

    Stephen Wyatt found following.  He came across an  issue regarding
    Microsoft SQL  Server 6.0  and 6.5.   SQL Server  has a management
    tool called  SQL Explorer  (used to  manage the  server).  If your
    SQL Server  is set  to use  normal userid/password  authentication
    and not integrated NT authentication, Explorer stores your  userid
    and password in clear text. (6.0  stores it in a file in  the same
    subdirectory of the  software, 6.5 in  the HKCU's registry  hive).
    Paul Keister checked this out  and the password is visible  in his
    registry  as  clear  text  inside  a  binary  block.   However the
    product name of  this management tool  is SQL Enterprise  Manager,
    not SQL Explorer.

SOLUTION

    Using NT Authentication  prevents the issue  completely.  SQL  7.0
    eliminates the possibility of using Basic Authentication for  this
    purpose, relying  entirely on  NT Authentication.   Ergo Microsoft
    feels they have  addressed the problem.   So, a workaround  exists
    (use NT  Authentication only  or unregister  servers before exit),
    and a fix has  been made to the  next version of SQL  server (i.e.
    SQL 7.0).