Re: Security Recommendations for a new DBA

From: Shelton (shelton72_at_dls.net)
Date: 09/30/03


Date: Mon, 29 Sep 2003 22:54:53 -0500


Generally, I think it is a good idea to restrict developers from the
production server. This is dependent on your environment and the division of
responsibilities. Check out the SQL Server web site on security
http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp
and also take a look at the SQL Server operations guide.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sql/maintain/operate/opsguide/default.asp

"Mike" <mlondon@unc.edu> wrote in message
news:u5RLOwohDHA.524@tk2msftngp13.phx.gbl...
> Hello all,
>
> I have a question about general security practices and how they are done in
> the world. Currently we have 3 SQL servers (Production, Development and
> off-site backup). Production only has databases on it that are serving out
> live application data. Development is used to create new databases and then
> the web applications to connect to them.
>
> We have had, in the past, problems with developers having database creation
> rights on the development server and creating the Dbases incorrectly, not
> notifying others of what they have created, or creating Dbases that are
> large and take up a lot of HD space. Because of this, we have set
> permissions to be at the Database level only for all the developers. All
> server level functions have been restricted to myself and my designated
> backup.
>
> What I was wondering is:
>
> 1) What are some general guidelines others use in determining levels of
> access (Server vs Dbase permissions) to SQL server?
> 2) What are the Pros and Cons of the Restrictions we have applied?
> 3) Do you have any recommended links or other materials that address this
> topic?
>
>
> Thank you so much for your time!
>
> Mike
>
>
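
The split discussed in this thread (server-level rights held only by the DBA and a backup, developers limited to database-level permissions) can be audited and enforced as in the following added example, which is not part of either poster's message. It assumes SQL Server 2000 system procedures; the login EXAMPLE\dev_login, the database ExampleAppDb, and the choice of database roles are hypothetical.

```sql
-- Added example. Login, database name and role choices are hypothetical.

-- 1) Audit: every login that holds any fixed server role.
--    On a locked-down server only the DBA and the designated backup should appear.
SELECT name AS login_name,
       sysadmin, securityadmin, serveradmin, setupadmin,
       processadmin, diskadmin, dbcreator, bulkadmin
FROM   master.dbo.syslogins
WHERE  sysadmin = 1 OR securityadmin = 1 OR serveradmin = 1
    OR setupadmin = 1 OR processadmin = 1 OR diskadmin = 1
    OR dbcreator = 1 OR bulkadmin = 1
ORDER BY name;
GO

-- 2) Who can create databases through the dbcreator server role?
EXEC sp_helpsrvrolemember 'dbcreator';
GO

-- 3) Remove a developer login from dbcreator so new databases go through the DBA.
EXEC sp_dropsrvrolemember @loginame = 'EXAMPLE\dev_login',
                          @rolename = 'dbcreator';
GO

-- 4) Give the same login database-scoped rights in one application database.
--    db_ddladmin allows schema changes inside this database only;
--    db_datareader / db_datawriter allow reading and modifying its data.
USE ExampleAppDb;
GO
EXEC sp_grantdbaccess @loginame = 'EXAMPLE\dev_login',
                      @name_in_db = 'dev_login';
EXEC sp_addrolemember @rolename = 'db_ddladmin',   @membername = 'dev_login';
EXEC sp_addrolemember @rolename = 'db_datareader', @membername = 'dev_login';
EXEC sp_addrolemember @rolename = 'db_datawriter', @membername = 'dev_login';
GO

-- 5) Verify the database-level membership that resulted.
EXEC sp_helprolemember 'db_ddladmin';
GO
```

Re-running step 1 on a schedule and comparing the output with the approved list of administrators catches server-role grants made outside the normal process.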


