A while back I received an email from a developer who needed to access several databases on a server because not having access was a ‘wall to his productivity’. Well, I am not about to stand in anyone’s way of being productive, so we worked on getting him the access he needs. Of course, I was intent on doing the crazy thing, as always, and only giving him the access he needed. After all, Microsoft preaches to us to only give the least amount of privileges necessary. Why is that anyway? The developer then sent back a list of databases that he needed to have direct permissions to, which included master, model, msdb, and tempdb.
That got me thinking, and yes it hurt my head. Why all the security around here anyway?
So, I have decided to change all of my ‘sa’ passwords to blank. I doubt it will take much for me to convince management that this is a good idea. After all, it would be tearing down those walls, which can only be a good thing, right? I think that opening up our servers to all developers, as well as business end users, can only be a good thing. There is a volume of data to be mined around here, and we need to start handing out some shovels.
Think about it. No longer would myself or my team ever be bothered with someone not being able to log in. Not only would we make the ‘sa’ password blank (or null), but we would give any authenticated user, as well as ‘guest’ sys admin access as well. That way, everyone would have all the access they need, no matter how they try to get at the data.
I know what you are thinking. That handing out such access is a crazy idea. Well, how can it be so crazy if people still develop applications and expect to be able to connect as ‘sa’, or expect to have sys admin rights when they go to production? Since there seems to be many of those people out there (not in my shop, but in other shops I have been told), then clearly I am crazy for thinking the opposite.
Ready for the part that is so crazy it just might work? Well, in this day and age, who would think that anyone would have a blank or null ‘sa’ password? No hacker would ever try something so simple, so having those passwords would make the system even more secure. And we could even build in some functionality such that after three failed login attempts you get in anyway. Hackers usually quit after one or two attempts because the last thing they want to do is lock up a system login.
So, we open up access to everyone. To protect other important system functions, I will issue a series of ‘DENY’ statements to the logins. That way they will get the access to the data, but not be able to make any additional modifications to the databases or the server settings. Sure, it may be extra work, but nothing worthwhile is ever easy. And in the end, I will have done my part to tear down that wall.
Crazy,
What is really cool is that lots of books and training classes teach developers to use sa with a blank password to build connection strings. I think you are on to something!
MidgetDBA
Hold on, I’m trying to process what I just read. We’re not giving this guy access right? He didn’t even offer a beer.
Brandon,
Actually, we *did* give him access, just not sysadmin access, so he complained that we were impeding his work. He sent the note to his manager, who quickly ascertained that we were, indeed, being assholes for following the same standards and policies that we had in place for years and decided to complain to my manager.