How to keep developers out of Production?

From: "Walt Z" <walt99z@xxxxxxxxxxx>
Date: Wed, 1 Mar 2006 15:32:04 -0700

We're re-evaluating our security approach to better comply with federal
regulations. Right now, individuals have permissions on tables. We're
looking at moving to Application Roles.

However:
With app roles an application has to know the role's password, which means
the developer of the app has to know the password. This is fine in our
development environment, but not in our certification or production
environments.

I've been racking my brain trying to find a way that the app role can have
different passwords in the three environments, and only let the developer
know or be able to determine the development password. Everything I've come
up with ultimately has a password or decryption key embedded in the
application, which means the developer has access to it.

So, my question is: How can I use app roles and keep developers out of
Production???

.

Prev by Date: Re: What is "via group membership"
Next by Date: Re: xp_cmdshell without proxy acoount
Previous by thread: Re: xp_cmdshell without proxy acoount
Next by thread: How to separate users in one database (MSSQL 2000)
Index(es):
- Date
- Thread

Relevant Pages

Re: Apple Windows iPhone 7 Reinvention, Now This...
... which was uniquely created by the developer. ... Apple didn't steal anything. ... >> developer's work via it's own app store process, ... > How is Apple's contract any different from Nintendo's, Sony's, ...
(comp.sys.mac.advocacy)
Re: The curse of constant fields
... production branch, EAR construction etc) for a reasonably important J2EE app I am pretty fanatic about sanitizing everything prior to an official build. ... our environment it would be unrealistic. ... Because a lot of time can be wasted if a tester reports that an error is still there, and then it's a question of is the error still there because the build is flawed, or because the developer who "fixed" it only fixed it for a different use case or in his own development environment. ...
(comp.lang.java.programmer)
Re: Are ASP.NET user interfaces essentially dead now?
... How does "clickonce" solve the problem up version updates? ... takes longer to develop ASP.NET interface than a windowsform app ... > developer can choose how they want to communicate -- direct to SQL ... using winforms requires that the client has the .NET framework ...
(microsoft.public.dotnet.framework.aspnet)
Apples FCC Response Infuriates Google Voice App Developer
... Apple's FCC Response Infuriates Google Voice App Developer ... He also suspects Apple is being more ...
(comp.sys.mac.advocacy)
Re: Are ASP.NET user interfaces essentially dead now?
... proper care and then there is jumping thru hoops, you want to avoid the hoop ... takes longer to develop ASP.NET interface than a windowsform app ... developer can choose how they want to communicate -- direct to SQL servers, ... I see Winforms doing the major amount of interface work and leaving the web ...
(microsoft.public.dotnet.framework.aspnet)