Use of single DB Role account

  • In my current position I am the sysadmin and DBA for a group of applications that run on a web server farm and a clustered SQL 2000 backend. My question for the group is one about standards and best practices as I have limited experience in a large development shop.

    All of the apps are .NET. Most of the apps were written by one group and they have used the same UID and PW for connecting to SQL for all of the applications. This account is not set up as an application role but as a regular user who is a member of db_datareader and db_datawriter for each application database.

    User security is handled through one of these databases which serves as a centralized authorization point. For example, Bob logs in to application A. Application A passes his credentials to Application Z which checks his password and returns his UID and group membership. Application A then determines Bob's access level.

    I'm wondering if using the same UID and PW for the "application role" on all of the apps is a good practice or not and why.

    Thanks!

    -- J.T.

    "I may not always know what I'm talking about, and you may not either."

  • It's both good and bad. Centralized access means an easy change to disable an account, reset a pwd, etc.

    It's bad because stolen credentials mean access to anything. Not unlike the sa account pwd.

    I don't think it's a bad idea and it does simplify things.
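The two setups discussed in this thread, the single shared login that is a member of db_datareader and db_datawriter in every application database versus one login per application scoped to its own database, written out as T-SQL. This is an added illustration, not code from either poster. It uses the SQL 2000 system procedures (sp_addlogin, sp_grantdbaccess, sp_addrolemember); the database names AppA_DB and AppZ_DB, the login names, and the password placeholders are assumptions, not values from the thread.

```sql
-- ==========================================================
-- 1. The pattern described in the question (for comparison):
--    one login, db_datareader + db_datawriter in every database.
--    A leaked password for app_shared reads/writes every app's
--    data, including the central authorization database.
-- ==========================================================
EXEC sp_addlogin 'app_shared', '<placeholder-password>', 'AppA_DB';

USE AppA_DB;
EXEC sp_grantdbaccess 'app_shared', 'app_shared';
EXEC sp_addrolemember 'db_datareader', 'app_shared';
EXEC sp_addrolemember 'db_datawriter', 'app_shared';

USE AppZ_DB;
EXEC sp_grantdbaccess 'app_shared', 'app_shared';
EXEC sp_addrolemember 'db_datareader', 'app_shared';
EXEC sp_addrolemember 'db_datawriter', 'app_shared';

-- ==========================================================
-- 2. One login per application, granted access only to the
--    database that application owns. Compromise of app_a's
--    credentials is then bounded to AppA_DB; the login can be
--    disabled or its password rotated without touching app_z.
-- ==========================================================
EXEC sp_addlogin 'app_a', '<placeholder-password-a>', 'AppA_DB';
EXEC sp_addlogin 'app_z', '<placeholder-password-z>', 'AppZ_DB';

USE AppA_DB;
EXEC sp_grantdbaccess 'app_a', 'app_a';
EXEC sp_addrolemember 'db_datareader', 'app_a';
EXEC sp_addrolemember 'db_datawriter', 'app_a';

USE AppZ_DB;
EXEC sp_grantdbaccess 'app_z', 'app_z';
-- Assumption: the authorization service only needs to read
-- accounts and group membership, so app_z gets no writer role.
EXEC sp_addrolemember 'db_datareader', 'app_z';

-- ==========================================================
-- 3. Audit: who holds the broad fixed roles in this database?
--    Run in each application database. On SQL 2000 the role
--    membership is in sysmembers (groupuid = role, memberuid = user).
-- ==========================================================
SELECT r.name AS role_name,
       u.name AS member_name
FROM   sysmembers AS m
       JOIN sysusers AS r ON r.uid = m.groupuid
       JOIN sysusers AS u ON u.uid = m.memberuid
WHERE  r.name IN ('db_datareader', 'db_datawriter')
ORDER  BY r.name, u.name;
```

The audit query is the quick check for the concern raised in the reply: if the same member name shows up with both roles in every database, a single set of stolen credentials reaches everything. On SQL 2005 and later the equivalents of the procedures above are CREATE LOGIN, CREATE USER and (from 2012) ALTER ROLE ... ADD MEMBER, and the role membership can be read from sys.database_role_members instead of sysmembers.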
