
Accidental DBA Tip

One of the most important tasks of an Accidental DBA is to ensure that access to your database is set correctly. Developers naturally build applications with as few restrictions as possible when connecting to and manipulating a database, so that they can develop rapidly.

Often they connect to the database server with an account that has administrative privileges. If they don’t go to that extreme, they will often use an account with powerful credentials and associate that account with the Database Owner schema, granting them full control of the database.

Before we start attacking developers and calling them names, we must respect the fact that they are trying to get their job done with the least disruption possible. If you are an Accidental DBA, you may well have been, or still are, one of those developers.

So, today, one of your top priorities is to determine what accounts are being used to connect to your production database servers (and maybe even other areas). Granting a connection too much power opens up your database servers and other servers to undesired attacks.

For SQL Server, if your servers are participating in a Domain (Active Directory), consider using Domain group accounts when granting access to your systems. If not, you can use local groups on the database server. By using groups to grant permissions, you reduce the amount of work necessary to give new users access to your database systems. Simply add a new user to the appropriate server group or domain group, and they should then have the appropriate permissions.

It is not my intention to provide instructions here…there are plenty of blogs out there with detailed instructions for your specific data engine. My intention is to prompt you to address this issue if you do not already have it under control.
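A starting point for that review on SQL Server, as an added example that is not part of the original editorial. The domain `CONTOSO`, the group `SalesAppUsers` and the database `SalesDb` are placeholders, and the queries assume you run them as a login allowed to view server state and security metadata.

```sql
-- 1. Who holds sysadmin on this instance?
--    Application and developer accounts should not appear in this list.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 2. Which logins are connected right now, from which host and program?
--    Seeing other users' sessions requires VIEW SERVER STATE.
--    Run this at several times of day; batch jobs connect on their own schedule.
SELECT s.login_name, s.host_name, s.program_name, COUNT(*) AS session_count
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1
GROUP BY s.login_name, s.host_name, s.program_name
ORDER BY session_count DESC;

-- 3. In the current database, who is a member of db_owner?
--    Compare against the logins found in step 2.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner';

-- 4. Grant access through a Windows (domain or local) group instead of
--    individual accounts. All names below are placeholders.
USE master;
CREATE LOGIN [CONTOSO\SalesAppUsers] FROM WINDOWS;

USE SalesDb;
CREATE USER [CONTOSO\SalesAppUsers] FOR LOGIN [CONTOSO\SalesAppUsers];

-- Read/write on data only; no schema changes, no db_owner.
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later;
-- on older versions use sp_addrolemember instead.
ALTER ROLE db_datareader ADD MEMBER [CONTOSO\SalesAppUsers];
ALTER ROLE db_datawriter ADD MEMBER [CONTOSO\SalesAppUsers];
```

After step 4, adding a person to the Windows group is all that is needed to give them the same database permissions.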

We haven’t been doing much in the way of Accidental DBA tips for a while. If you find this kind of input valuable, feel free to drop me a note at btaylor@sswug.org. As you probably noticed, our site has expanded the scope of its editorials to cover many more areas than databases. We have had content for development for years, but now we are even more flexible in the daily editorials as well. If you have a favorite topic you’d like to see us review, again, please drop me a note.

Cheers,

Ben
