Developers/Production Security

From: Marc Miller (mmiller@epix.net)
Date: 03/19/03


From: "Marc Miller" <mmiller@epix.net>
Date: Wed, 19 Mar 2003 08:02:53 -0500


I am a developer, somewhat new to SQL Server. In one of my first endeavors in T-SQL programming, I am making use of sprocs and xsprocs that reside in MASTER and MSDB, most notably xp_cmdshell (for FTPs) and xp_fileexist.

When I requested to have my app put into production, my DBA has conveyed his concern in granting me the ability to run xp_cmdshell, since it exposes server administration. He has created a proxy account to allow my developer role to do this in production.

My question, I guess, is what type of security is usually granted to programmatic roles, that is, for sprocs that run background processes and have the userid and passwords embedded in the calling code? I use .NET and Visual FoxPro for front ends. Are there alternatives, programmatically, to using xp_cmdshell, etc.?

I don't want to go at loggerheads with the DBA (I want to be friends 8-)!), but I don't feel that he has the scope of the programmer's needs and I don't have the scope of the administration of the DB.

Thanks much for any input,
Marc Miller
Commonwealth Telephone Company

"I have not failed. I've just found 10,000 ways that won't work." - Thomas A. Edison