What counts for a DBA: Responsibility

  • Comments posted to this topic are about the item What counts for a DBA: Responsibility

  • There are actions we DBAs can take to prevent unauthorised intrusion and some we can't. We can't ensure that the server room remains unbroken into. Nor can we ensure that SQL Server remains unexploitable and unexploited. We can, however, ensure that our servers are patched and up-to-date, both OS and SQL Server.

    In regard to SQL Injection, we can but insist that the programmers verify all inputted data but we can't proof everything that they write. We can lay down rules for access to the DB servers. What we can do is assign the application user a public role with explicit access to the application-specific stored procedures it needs to do its job. We can assign a specific schema for objects the application may use. If the application is cursed with Entity Framework, we can allow specific read and write rights to specific tables and or columns where appropriate. Under no circumstances, do we assign it dbowner or SA roles.

    We can take a paranoid attitude to login and user rights. No one outside the DBAs gets write rights or alter rights on production DBs unless explicitly authorised by the board of management. We can ensure that sensitive data or sensitive databases are encrypted, for our safety as well as that of the datas'. We can check often (and not regularly) who has what rights to what DB-servers and DBs.

  • Us developers can support our DBA chums by accepting and self-enforcing SQL coding standards whether we agree with them or not (they are usually well thought out and the pros and cons have been considered). We developers should engage with our friendly DBAs in order to ensure that the security of the overall system is considered as well as the component parts. There is room for debates and disagreements in principle but no room for disagreements in implementation.

    We must each consider ourselves as links in a chain and play our part which includes working with the other links.


    -- Stop your grinnin' and drop your linen...they're everywhere!!!

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply