May 11, 2004 at 12:27 pm
Hi,
I'm looking for SQL Server best practices in an ISP environment. We have a SQL Server database that has about 50 customer databases. My biggest concern is security but I'm also looking for other best practices as well. Anything that can help.
One of the things that is bothering me is that a single customer would be able to cripple the whole box with a very bad piece of code (by accident or intentionally). Is there any real way of preventing this without having to audit the code deployed by the client?
Another thing is SQL injection attacks. This is not my biggest worry, since if the security is set up right the only database that would be affected is the customer's own database and nothing else. Again one would have to resort to audits of the actual web application deployed.
Can anybody that worked in an ISP environment perhaps point out some of the gotchas and provide some insight?
I remember reading something that Brian Knight worked for an ISP?? BTW, SQL Server for Experienced DBA's gave me a lot of cool tips regarding customising the permissions in an environment like this. A checklist type document would be great.
If a document like this is not available perhaps we can throw one together, so let the ideas come. Also keep in mind the operating system.
Thanks!
May 11, 2004 at 4:45 pm
BK works for a large company that hosts apps for other companies. Not really an ISP, more of an ASP. I'll let him chime in there.
As for crippling the box, not easy to do. No governor on CPU use by a thread. You can place limits for long running queries, which may piss off some people, but will limit long running queries. If someone needs a large query, might make them pay for their own box.
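An added example, not part of either post: one way to combine the long-running-query limit mentioned in the reply with the per-customer isolation the question assumes. It uses SQL Server's `query governor cost limit` option as the limit (an assumption; the reply does not name a setting) and SQL Server 2005-or-later login syntax; `customer_a`, `customer_a_db`, the password placeholder and the value 300 are constructed for illustration.

```sql
-- 1. Server-wide cap on expensive queries.
--    The limit is compared with the optimizer's ESTIMATED cost (in seconds
--    on reference hardware), so it refuses a query before it starts; it does
--    not stop a query that is already running. 0 (the default) = no limit.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'query governor cost limit', 300;   -- constructed value
RECONFIGURE;

-- 2. One login per customer, no server-level roles.
USE master;
CREATE LOGIN customer_a
    WITH PASSWORD = '<replace-with-generated-secret>',  -- placeholder
         DEFAULT_DATABASE = customer_a_db,
         CHECK_POLICY = ON;

-- Keep the other tenants' database names out of this login's sys.databases.
DENY VIEW ANY DATABASE TO customer_a;

-- 3. Map the login into its own database only, with data access but
--    without db_owner (assumes schema changes go through the host).
USE customer_a_db;
CREATE USER customer_a FOR LOGIN customer_a;
EXEC sp_addrolemember 'db_datareader', 'customer_a';
EXEC sp_addrolemember 'db_datawriter', 'customer_a';

-- 4. Audit check: customer logins that hold ANY server role.
--    Expected result on a correctly configured host: zero rows.
SELECT p.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name LIKE 'customer[_]%';
```

With this layout an injection flaw in one customer's web application runs as that customer's database user, so its reach is bounded by the roles granted in step 3.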