December 18, 2006 at 6:07 am
A bit of background first.
I have an environment of some 1300 SQL 2000 servers and an application that has the SA password hard-coded, so everyone has access to the password and can do whatever the hell they like, whether they know what they are doing or not. I can't impose any security, but I want to limit the amount of damage our customers and staff can do.
The question:
Is there any way I can remove the SQL management tools (QA and EM) remotely and quickly, or am I destined to spend a good portion of next year uninstalling and reinstalling SQL 2000 without the management options selected at install?
Also:
Has anyone changed the SA password across such a large number of servers, and how did you do it?
Yours in hope,
Jon
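The multi-server password change asked about above, as an added example that is not part of the original post or of the poster's product: a T-SQL script for SQL 2000 that is run once per instance (for example through osql with Windows authentication, so the new password never appears on a command line or in a process list). It records the current state of sa, changes the password with sp_password, and then lists every other sysadmin, because anyone on that list can simply set sa back. The file names and the placeholder password are assumptions.

```sql
-- Run once per instance from a server list, using Windows authentication (-E).
-- Example driver (cmd syntax, hypothetical file names):
--   for /f %s in (servers.txt) do osql -S %s -E -n -i rotate_sa.sql >> rotate_sa.log
-- The script holds the new password in clear text: protect it while it exists and
-- delete it afterwards.
SET NOCOUNT ON
DECLARE @new sysname
SET @new = 'REPLACE-WITH-A-STRONG-PASSWORD'   -- placeholder value (assumption)

-- 1. Record what the instance looks like before anything changes.
--    In SQL 2000, syslogins.password is NULL when the login has a blank password.
SELECT @@SERVERNAME AS server_name,
       name         AS login_name,
       CASE WHEN password IS NULL THEN 'BLANK' ELSE 'set' END AS sa_password_state
FROM   master.dbo.syslogins
WHERE  name = 'sa'

-- 2. Change the sa password. A sysadmin does not need the old one, so pass NULL.
EXEC master.dbo.sp_password @old = NULL, @new = @new, @loginame = 'sa'

-- 3. Who else holds sysadmin? Every member listed can reset sa again, so the
--    rotation only helps if this list is short and every entry is known.
EXEC master.dbo.sp_helpsrvrolemember 'sysadmin'

-- 4. Windows groups (BUILTIN\Administrators by default on SQL 2000) are easy to
--    overlook in the list above; show them separately so local admins on the
--    box are not forgotten.
SELECT name AS nt_group_with_sysadmin
FROM   master.dbo.syslogins
WHERE  isntgroup = 1 AND sysadmin = 1
```

The change only makes sense if the application's hard-coded password is updated in the same maintenance window, since every installed copy of the product stops authenticating the moment step 2 runs. The syslogins columns used here are SQL 2000 specific; on SQL 2005 and later the equivalents are ALTER LOGIN and sys.server_principals.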
December 18, 2006 at 6:23 am
Perhaps the vendor knows if system administrator rights are required (or only db_owner rights).
You could also explain this huge risk to the management side.
(Someone changing the password -> application won't run, unreliable data, accidental deletes...)
Run Profiler traces to capture sa statements?
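The Profiler suggestion above, as an added example that is not part of the original reply: instead of keeping a Profiler session open on 1300 instances, a server-side trace built with the SQL 2000 sp_trace_* procedures writes every batch and RPC executed under the sa login to a file on the server. The trace directory is an assumption, and the optional application-name filter values are assumptions to be confirmed against what Profiler actually shows for the tools in use.

```sql
-- Server-side trace of everything executed as sa. Requires sysadmin to create.
-- D:\Traces must exist on the SQL Server host (assumption); the .trc extension is
-- appended by the server.
DECLARE @traceid int, @maxsize bigint, @on bit, @rc int
SET @maxsize = 50   -- MB per file before rollover
SET @on = 1

-- option 2 = TRACE_FILE_ROLLOVER, no stop time
EXEC @rc = sp_trace_create @traceid OUTPUT, 2, N'D:\Traces\sa_activity', @maxsize, NULL
IF @rc <> 0
BEGIN
    RAISERROR('sp_trace_create failed with return code %d', 16, 1, @rc)
    RETURN
END

-- Event 12 = SQL:BatchCompleted, 10 = RPC:Completed.
-- Columns: 1 TextData, 8 HostName, 10 ApplicationName, 11 LoginName, 12 SPID, 14 StartTime.
EXEC sp_trace_setevent @traceid, 12, 1,  @on
EXEC sp_trace_setevent @traceid, 12, 8,  @on
EXEC sp_trace_setevent @traceid, 12, 10, @on
EXEC sp_trace_setevent @traceid, 12, 11, @on
EXEC sp_trace_setevent @traceid, 12, 12, @on
EXEC sp_trace_setevent @traceid, 12, 14, @on
EXEC sp_trace_setevent @traceid, 10, 1,  @on
EXEC sp_trace_setevent @traceid, 10, 8,  @on
EXEC sp_trace_setevent @traceid, 10, 10, @on
EXEC sp_trace_setevent @traceid, 10, 11, @on
EXEC sp_trace_setevent @traceid, 10, 12, @on
EXEC sp_trace_setevent @traceid, 10, 14, @on

-- Keep only rows where LoginName (column 11) equals 'sa'.
-- logical_operator 0 = AND, comparison_operator 0 = equal.
EXEC sp_trace_setfilter @traceid, 11, 0, 0, N'sa'

-- Optional: because the product itself also logs in as sa, narrow the trace to the
-- interactive tools. comparison_operator 6 = LIKE, second filter OR'd (1) with the first.
-- The application names below are assumptions; check them in Profiler first.
-- EXEC sp_trace_setfilter @traceid, 10, 0, 6, N'SQL Query Analyzer%'
-- EXEC sp_trace_setfilter @traceid, 10, 1, 6, N'MS SQLEM%'

EXEC sp_trace_setstatus @traceid, 1   -- 1 = start
SELECT @traceid AS trace_id           -- keep this; it is needed to stop (0) and close (2) the trace

-- To read the captured statements later (SQL 2000 needs the :: prefix):
--   SELECT StartTime, HostName, ApplicationName, TextData
--   FROM ::fn_trace_gettable('D:\Traces\sa_activity.trc', default)
--   ORDER BY StartTime
```

The obvious caveat: anyone who knows the sa password can run fn_trace_getinfo(default), see the trace, and stop it, so the files should be copied off the box on a schedule and a missing trace treated as a finding in itself. The trace also records the product's own traffic unless the application-name filter is enabled, which is where most of the volume on 1300 instances will come from.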
December 18, 2006 at 6:30 am
Unfortunately, the vendor happens to be us as well.
Management don't see the risk because they don't want to see the risk, with its associated cost/risk.
December 18, 2006 at 7:41 am
While it's a bad practice and could prevent you from selling the product in some cases, especially where Sarbanes-Oxley is being taken seriously, you're right. Ultimately it's a management decision.
I'm not sure that you're limiting access or issues at client sites, since many of them will be admins or need to be SA regardless so they can administer their servers. And if they use it for admin, or allow anyone to know the pwd, then are you preventing anything by changing the pwd or causing issues with your application?
I'm not sure you are.
I'd let issues arise; maybe then management will make the change in the application. Or find some developers that understand how to code.
December 19, 2006 at 6:46 pm
Do you have 1300 SQL 2K servers, or do you have 1300 clients connecting to a single server?
Is it a single application using the sa account? Why would you give out the password? Can you not set this in a configuration file or something?
It would be best to find a solution and estimate the budget for it before you present this to the management.