With MS SQL Server you can set the type of authentication to be used to validate users that connect to the server. The following types of authentication are available for the SAP system:
For ABAP systems we recommend you to set authentication to Windows only. This means that the SAP system and users who connect to the database must have Windows accounts and are validated on the basis of information stored by the operating system.
For Java or ABAP+Java systems you must set authentication to the mixed SQL Server and Windowsauthentication mode. This means that the Windows operating system or the SQL Server itself can perform the validation of users connecting to the database. If a user logs on with a Windows account, validation is based on information stored by the operating system. If a user logs on with an SQL Server login account, SQL Server checks the existence of the account and the correctness of the password.
Security Loophole
When you set the mixed authentication mode anyone who knows the password of the SQL Server login SAP<SAPSID>DB or <sapsid> or sacan connect interactively to SQL Server. Remember to set a strong password for the saaccount.
Procedure
To check the authentication mode, proceed as follows:
The Server Properties dialog box opens.