What login should a DBA use for non-emergency work

  • In my opinion, the sa account's password must be as complex as possible - and as little used as possible. For non-emergency work, the DBA's Windows login must be added to the SERVERADMIN role - almost as good as SYSADMIN, but not that good.

    As a standard practice, all users and applications must use Integrated Security, i.e. Windows authentication.

    SQL Server itself ships with some great roles - we should be making use of them based on the requirement; and if we can't, we should have a limited-permissions user role, and all the necessary users should be part of the role.

    Thanks & Regards,
    Nakul Vachhrajani.
    http://nakulvachhrajani.com

    Follow me on
    Twitter: @sqltwins

  • steveb. (9/14/2010)


    torpkev (9/14/2010)


    My biggest annoyance with sa - quite outside of this discussion - is those people who use sa to connect to the database because they don't know any better - then they get a DBA who gets to look at it 3 years later and finds it saved in clear text in a hundred different places.

    agree totally with this, the sa account does get abused and it is not uncommon to find it lurking around in .NET config files in plain text.

    Indeed, it's amazingly simple to find it lurking around in config files.

    Just Google the following:

    filetype:config +connectionString +"id=sa"

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

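One way to audit your own .NET config files for the problem this thread describes (sa credentials saved in clear text instead of Integrated Security), as an added example that is not part of any poster's message. The function names and the sample config are constructed for illustration; the keyword synonyms are the ones SqlClient connection strings accept.

```python
import xml.etree.ElementTree as ET

USER_KEYS = {"user id", "uid", "user"}
PASSWORD_KEYS = {"password", "pwd"}
TRUSTED_KEYS = {"integrated security", "trusted_connection"}
TRUSTED_VALUES = {"true", "yes", "sspi"}

def parse_connection_string(text):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys.
    Simple split: values containing quoted semicolons are not handled."""
    pairs = {}
    for part in text.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = value.strip().strip("'\"")
    return pairs

def audit_config(xml_text):
    """Return (name, findings) for every connection string with a problem."""
    results = []
    for entry in ET.fromstring(xml_text).iter("add"):
        conn = entry.get("connectionString")
        if conn is None:  # e.g. <appSettings> entries, which use key/value
            continue
        pairs = parse_connection_string(conn)
        user = next((pairs[k] for k in USER_KEYS if k in pairs), None)
        trusted = any(pairs.get(k, "").lower() in TRUSTED_VALUES
                      for k in TRUSTED_KEYS)
        findings = []
        if (user or "").lower() == "sa":
            findings.append("names the sa login")
        if any(k in pairs for k in PASSWORD_KEYS):
            findings.append("password stored in clear text")
        if not trusted:
            findings.append("not using Integrated Security")
        if findings:
            results.append((entry.get("name"), findings))
    return results

# Constructed sample config for the demonstration; not from any real system.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="Legacy" connectionString="Data Source=db01;Initial Catalog=Sales;User ID=sa;Password=EXAMPLE-ONLY" />
    <add name="Reports" connectionString="Server=db01;Database=Sales;Integrated Security=SSPI" />
    <add name="Batch" connectionString="Server=db01;Database=Sales;uid=batch_user;pwd=EXAMPLE-ONLY" />
  </connectionStrings>
</configuration>"""
if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE):
        print(f"{name}: {', '.join(findings)}")
```

Run over the text of each web.config or app.config in a source tree, it lists the entries that need to be moved to Windows authentication.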