Clients can sometimes be the bane of ISVs. They are important for sales, and ongoing revenue, but quit a few of them will also cause problems and issues with our applications. Not that ISVs build the best applications, but they know how things work. Internal IT staffs sometimes cause extra work by mucking around with code.
I noticed a post from an ISV awhile back asking if there was a way to remove Windows authentication. Most of us know that we can't remove it, and it concerned me a bit that an ISV didn't know this. The poster wanted to know if we could make the database more secure, potentially limiting the ability of a client to muck around with the database.
Whether you think that' s a good idea or not, I wonder if there is value in changing the security model for SQL Server. For an interesting Friday poll, take a step back and rethink things and answer this question:
Would you like the ability to remove Windows Authentication?
In practical terms this would be a simple change of the radio buttons on the security tab from 2 options to 3. We'd then have:
- Windows only Authentication
- Windows and SQL Authentication
- SQL only Authentication
In this case we could possibly only connect with a username and password to the database server. I haven't really come across the need to do this myself, but what about in embedded software? Those places where you are installing a database in a potentially hostile environment? What If you could use TDE to encrypt the files and then only allow name/password access, or possibly only through some integration with a type of smartcard or other hardware device?
I'm not sure if this is a good idea or not. I know that it's not recommended, and there are some good arguments in this blog post about why Windows auth is a good idea. Give us your opinion this Friday and maybe it will get added to a future version of SQL Server.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. You can also follow Steve Jones on Twitter:
Overall RSS Feed:
or now on iTunes!
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
