• Eric M Russell (6/25/2013)


    djackson 22568 (6/25/2013)


    I agree that developers need to get better at using proper techniques.

    That said, companies are the real root cause of poor software. The opposition to allowing time to code, test and validate is the largest issue. I know a lot of developers that WANT TO write better code, but are not allowed to.

    Developers may be members of DBO or even SYSADMIN when they log in to the development database using their domain account. They need that for creating tables, procedures, etc. However, when unit testing or performing QA, they should log in using a separate account that has the same name and least privileges as the application account (should have) in production. If testing is not done under a least privilege account like this, then many organizations will punt and grant full DBO or SYSADMIN rights to the application account.

    Yep.

    My organization is engaged in upgrading to Windows 7 due to XP support ending next year. (Note the guy in charge was not even aware of this until I brought it up!) The majority of our applications were built and sold to us requiring the end user be a local admin on the PC. They will not support us if there are issues unless the user is an admin, and in most cases, the app will not function without those rights.

    We can blame the vendors, and they do have some responsibility for the poor design, but we also need to look at Microsoft recommendations over time. Back in the 3.1 days, INI files stored user preferences. Microsoft changed to recommend using the registry. As security became more of a front line issue, they changed recommendations again.

    Basically there are a number of reasons why things are so bad.

    Dave
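
The least-privilege test account described in the quoted post above, sketched in T-SQL as an added example that is not part of the thread. The names `app_orders`, `app_orders_role`, `dbo.Orders` and `dbo.usp_AddOrder` are hypothetical, and the script assumes SQL Server 2012 or later and a scratch development database where the developer is DBO.

```sql
-- Added example; every object name here is hypothetical.
-- Run as the developer (DBO) in a scratch development database.
CREATE TABLE dbo.Orders (
    OrderId int IDENTITY PRIMARY KEY,
    Item    nvarchar(50) NOT NULL
);
GO
CREATE PROCEDURE dbo.usp_AddOrder @Item nvarchar(50)
AS
    INSERT INTO dbo.Orders (Item) VALUES (@Item);
GO

-- Database user named like the production application account.
-- WITHOUT LOGIN keeps the example self-contained; a real setup maps it to a login.
CREATE USER app_orders WITHOUT LOGIN;
CREATE ROLE app_orders_role;
-- The only right the application gets: execute its own procedure.
GRANT EXECUTE ON OBJECT::dbo.usp_AddOrder TO app_orders_role;
ALTER ROLE app_orders_role ADD MEMBER app_orders;
GO

-- Unit test: drop developer rights and run as the application account.
EXECUTE AS USER = 'app_orders';

-- Guard: the test must not be running with DBO rights.
IF IS_MEMBER('db_owner') = 1
    RAISERROR('Test context still has db_owner rights.', 16, 1);

-- Allowed path: succeeds through ownership chaining, with no table permissions.
EXEC dbo.usp_AddOrder @Item = N'widget';

-- Denied path: direct table access must fail with error 229 (permission denied).
BEGIN TRY
    DECLARE @n int = (SELECT COUNT(*) FROM dbo.Orders);
    RAISERROR('Direct SELECT unexpectedly succeeded.', 16, 1);
END TRY
BEGIN CATCH
    IF ERROR_NUMBER() = 229
        PRINT 'PASS: direct table access denied for app_orders.';
    ELSE
        PRINT 'FAIL: ' + ERROR_MESSAGE();
END CATCH;

-- Return to the developer's own security context.
REVERT;
```

Any feature that only works under the developer's DBO rights fails here during testing, which is the point at which the missing grant can be added to the role instead of widening the production account.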