July 31, 2014 at 4:26 pm
GilaMonster (7/31/2014)
Michael Valentine Jones (7/31/2014)
The last vendor I had to deal with had an application that required the use of a specific SA password to connect to the database on a specifically named (non-default) instance. Having an application use a hard coded SA password is really bad security, but it's just some medical application, so no big deal. :crying:...
Another vendor application (for a building security system) required the use of a blank SA password so I guess it can always get worse.
That's when you rename the sa login to something which sounds useless, disable it and create a new login called 'sa' with just the permissions you want it to have.
Want sa? Sure, just gimme a couple minutes...
RickRoll them in the best way possible.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
July 31, 2014 at 5:19 pm
Luis Cazares (7/30/2014)
Don't forget to use NOLOCK hints on all your queries and never ever run DBCC CHECKD, update statistics or rebuild indexes. You might encounter a lot of objects locked during this operations.:hehe:
PS. Just to make it safe for anyone lurking in here, this is just humor.
Nah... WITH(NOLOCK) is old hat and too much work. Just set the entire server isolation level to "Read Uncommited". :-):-D:-P:hehe:
To reiterate... "Just to make it safe for anyone lurking in here, this is just humor."
--Jeff Moden
Change is inevitable... Change for the better is not.
July 31, 2014 at 5:22 pm
Grant Fritchey (7/31/2014)
Sarah Wagner (7/31/2014)
I hired in to a software company and sad to say we were one of those vendors. Gladly we are not anymore as I rewrote all of our recommendations to clients documentation. A little education goes a long way. 🙂Thank you!
One down 678,342 to go...
BWAAAA-HAAAAA... there you go underestimating again. 😛
--Jeff Moden
Change is inevitable... Change for the better is not.
July 31, 2014 at 11:44 pm
GilaMonster (7/31/2014)
Michael Valentine Jones (7/31/2014)
The last vendor I had to deal with had an application that required the use of a specific SA password to connect to the database on a specifically named (non-default) instance. Having an application use a hard coded SA password is really bad security, but it's just some medical application, so no big deal. :crying:...
Another vendor application (for a building security system) required the use of a blank SA password so I guess it can always get worse.
That's when you rename the sa login to something which sounds useless, disable it and create a new login called 'sa' with just the permissions you want it to have.
Want sa? Sure, just gimme a couple minutes...
The medical application used several databases, so figuring out the permissions that the app required was just too much work to bother with switching the SA account. Since it was on an isolated named instance, I just let it be. Sometimes I just can't bother to care.
I actually liked that anyone with network access would be able to defeat the building security system by giving themselves access by direct updates to the database. 😎 That was a system that I discovered already "in place" running on an ancient notebook computer setting on the back of a rack in the computer room at a remote site.
August 1, 2014 at 2:01 am
"All my SSC forum answers come with a money back guarantee. If you didn't like the answer then I'll gladly refund what you paid for it."
Love it!!!!
August 1, 2014 at 2:46 pm
Alvin Ramard (7/30/2014)
Luis Cazares (7/30/2014)
Eirikur Eiriksson (7/30/2014)
Luis Cazares (7/30/2014)
Alvin Ramard (7/30/2014)
WAIT!!!! What kind of database MUST be repaired regularly???? :w00t:The one that is shrinked regularly?
Guess shrinked is the simple mode and shrunken is the full recovery mode
😎
Go ahead, make fun of my lousy english 😛
Actually, that might help me to remember the correct form.
Which form? The first normal form? 😀
No, the first normal form is surely scrincaþ (or scrinceþ, if databases aren't feminine) - or maybe scrinceð (or scrincað) or perhaps even gescruncan; even shrinked is a modern aberration, and anyway just the silly southern spelling of shrenkit; shrunk and shrunken are weird hyper-modern forms of schrunken and shronke. Nobody speaks English anymore. 😀
Anyway, "shrinked" (the southern spelling of "shrinkit") has been around for quite a bit more than half a millenium; but ignorant spelling and grammar pedants will claim it's a utterly wrong :angry: so that it's safer to stick to shrunk (past participle or adjective) and shrunken (adjective, possible past participle but not with "have" as auxiliary verb).
Tom
Viewing 6 posts - 31 through 35 (of 35 total)
You must be logged in to reply to this topic. Login to reply