Hiding System Stored Procedure and Command Password Parameters

System stored procedure and command passwords can be replaced with asterisks in audit records.

When auditing is configured and enabled, and the sp_audit option 'cmdtext' is set, system stored procedure and command password parameters are replaced with a fixed length string of asterisks in the audit records contained in the audit logs.

For example, execute:

sp_password 'oldpassword', 'newpassword'

When auditing is enabled and sp_audit cmdtext is set, the results in output are similar to:

sp_password '******', '******'

This protects passwords from being seen by other with access to the audit log.