Would you post your password on a wall in your office? Of course not, because other employees, the cleaning crew, even guests walking around your office would be able to access your system with your account. When I read Brian Kelly's post on passwords in files, that's what I thought of. Sticking credentials in a file, where they're subject to any kind of search, is a bad idea.
However, this happens all the time. Combine this with a few other "common practices" like using sa to connect to a database and building dynamic SQL, and you might as well just set blank passwords and invite someone to have fun with your database. It's sad that we continue to see these types of software development practices in 2014, and especially disappointing to see them from companies that sell software.
There is so much information out there on building software that is of higher quality and is much more secure. However, all too often I find developers just aren't implementing these practices. There are probably a myriad of reasons why, and I wish we had more ways to better train people, disseminate the information, and enforce its use.
Ultimately, we can only do what we can. However, I'd encourage those of you who see poor practices taking place to have a word with the developer (internally), or send a note to the vendor. If it's more important to make a few more dollars than implement better practices, I'd encourage you to publicly call some attention to the matter. Maybe a little exposure to the dark side of software development will pressure managers to require more secure work over time.
Yesterday's Question of the Day
(by Steve Jones):
What is the amount of free disk space required for your durable memory-optimized tables?
Answer: twice the size of the table
The requirements state that you need twice the size of your durable memory-optimized table in free disk space.
SQL Azure with SSD's
- Hi -
Anyone running SQL Azure residing on SSD's?
I have a very volatile OLTP environment that we'll be splitting up...
Help me out
"Free disk space for that is two times the size of your durable memory-optimized tables."
Under Important Notes:
"The total in-memory...
Odd Results from an Indexed JOIN Column
- Hello there! Starting off with some DDL...
CREATE TABLE #AgentSession(
[sessionId] [int] IDENTITY(1,1) NOT NULL,
[dirSrvSessionGuid] [uniqueidentifier] NOT NULL,
[serverId] [int] NOT NULL,