Use ALTER LOGIN to change User's own Password

Question

I have a stored procedure that runs the following:

\'ALTER LOGIN \' + @Login + \' WITH PASSWORD = \'\'\' + @Password + \'\'\'\'

I get the f

Answer 1

I think to perform an ordinary password change for a user, who doesn't have ALTER ANY LOGIN, you must supply the OLD_PASSWORD parameter also. This would match the example from the older sp_password stored procedure:

The following example shows how to use ALTER LOGIN to change the password for the login Victoria from B3r1000d#2-36 to V1cteAmanti55imE. This is the preferred method. User Victoria can execute this command without additional permissions. Other users require ALTER ANY LOGIN permission:

ALTER LOGIN Victoria WITH 
     PASSWORD = 'V1cteAmanti55imE' 
     OLD_PASSWORD = 'B3r1000d#2-36';
GO

Answer 2

You can have your application run as a user with sufficient rights. For that, you would create a service account for the application in SQL Server, and then have your application run as that user.

However, it might be better to create a Users table for your application and manage this data there, rather than allowing your users direct access to altering logins.