Using sa account from desktop app client

  • Hiya all.

    I have been helping a bunch of consultants set up a Finance ERP system here at work. When the tech showed up to do workstation installs, they wanted to use sa as the database login for the app. When I questioned whether this was good practice, they informed me that they always did it this way and that most companies didn't use their SQL Server to host databases other than theirs.

    Has anyone else seen this happen with large commercial system installs??

  • Yes. I have seen them try that with apps we bought being installed on my db servers. If you kick back hard enough, they will find a way to make the install work without sa. Some companies you have to kick a little harder than others - but it is well worth the kicking.

    The reasoning they use that the db server usually only houses their db is hogwash as a reason to use sa to install their app.

    Their lack of proper coding and security practices in a database does not constitute an excuse to use SA to install.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Jason is absolutely right. Under no circumstances allow them to do this. Firstly, them saying they always run on their own SQL instance is rubbish and more likely a revenue generating tool than anything else (but as J points out it also allows them to have crud security and theoretically only affect themselves). So why not run on 2005 Express?

    If something in the future goes wrong and every user has SA (God access), then a rogue user could completely scupper your db and you'd be left trying to explain why you allowed a solution with such dangerous security vulnerabilities to go live.

    Good luck.

    Adam Zacks
    -------------------------------------------
    Be Nice, Or Leave
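
For reference, an added example (not from any of the posts above, and not the vendor's own script) of what running the application without sa can look like: a dedicated login with database-scoped rights, followed by checks for sysadmin membership. The names FinanceERP, erp_app and erp_app_role, and the assumption that the application's objects live in the dbo schema, are hypothetical.

```sql
-- Added example. FinanceERP, erp_app and erp_app_role are hypothetical names.
USE master;
GO
-- Dedicated SQL login for the desktop client instead of sa.
CREATE LOGIN erp_app
    WITH PASSWORD = N'<replace-with-generated-secret>',  -- placeholder, not a real value
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = FinanceERP;
GO
USE FinanceERP;
GO
CREATE USER erp_app FOR LOGIN erp_app;
CREATE ROLE erp_app_role;
GO
-- Grant only what the client needs. Assumption: the app's tables and
-- procedures are in schema dbo; narrow this further if the vendor can
-- list the objects it actually touches.
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA::dbo TO erp_app_role;
EXEC sp_addrolemember N'erp_app_role', N'erp_app';
GO

-- Check 1: the application login must not hold sysadmin (expect 0).
SELECT IS_SRVROLEMEMBER('sysadmin', 'erp_app') AS erp_app_is_sysadmin;

-- Check 2: every login that does hold sysadmin on this instance.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- Check 3: current user sessions connected as a sysadmin member,
-- with the client program and workstation they came from.
SELECT s.session_id, s.login_name, s.host_name, s.program_name, s.login_time
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1
  AND IS_SRVROLEMEMBER('sysadmin', s.login_name) = 1;
```

Check 3 is the one to rerun after the workstation installs: any row whose program_name is the ERP client means the application is still connecting with sysadmin rights.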
