Hi, our objective is to make our application FIPS
compliant. One of the
procedure accepts username and password
as parameters and does a CREATE LOGIN
call. But with FIPS
, if we pass the password
to the procedure in clear text
format, it will be a violation.
Can you suggest any other method of passing the password to the procedure
and still be FIPS compliant? Or any other way to achive the same result?
Also want to know that when SQL Server Management Studio opens a connection
using sql user and password, how is the password sent to the SQL Server? Is
it in clear text? In other words, is SQL Server Management Studio FIPS