Developers/Production Security

From: Marc Miller (mmiller@epix.net)
Date: 03/19/03


From: "Marc Miller" <mmiller@epix.net>
Date: Wed, 19 Mar 2003 08:02:53 -0500


I am a developer, somewhat new to SQL Server. In one of my first endeavors in T-SQL programming, I am making use of sprocs and xsprocs that reside in MASTER and MSDB, most notably xp_cmdshell (for FTPs) and xp_fileexist.

When I requested to have my app put into production, my DBA conveyed his concern about granting me the ability to run xp_cmdshell, since it exposes server administration. He has created a proxy account to allow my developer role to do this in production.

My question, I guess, is what type of security is usually granted to programmatic roles, that is, for sprocs that run background processes and have the userid and passwords embedded in the calling code? I use .NET and Visual FoxPro for front ends. Are there alternatives, programmatically, to using xp_cmdshell, etc.?

I don't want to be at loggerheads with the DBA (I want to be friends 8-)!), but I don't feel that he has the scope of the programmer's needs, and I don't have the scope of the administration of the DB.

Thanks much for any input,
Marc Miller
Commonwealth Telephone Company

"I have not failed. I've just found 10,000 ways that won't work." - Thomas A. Edison


