When auditing is configured and enabled, and the sp_audit option 'cmdtext' is set, system stored procedure and command password parameters are replaced with a fixed length string of asterisks in the audit records contained in the audit logs.
For example, execute the following when auditing is enabled and sp_audit cmdtext is set:
alter login johnd with password oldpasswd modify password 'newpasswd'
The command results in output similar to:
alter login johnd with password ****** modify password '******'
An example of the stored procedure sp_addlogin when auditing is enabled:
sp_addlogin test2,secret go select event,extrainfo from sybsecurity..sysaudits_01 where event = 92 go
The auditing record results in the output:
event extrainfo
-------------------------------------------
92 ; sp_addlogin test2,******
This protects passwords from being seen by other with access to the audit log.
