
voiceofthedba's podcast


Welcome to the Voice of the DBA, thoughts from Steve Jones on databases, SQL Server, and life.

Apr 24, 2014

Would you post your password on a wall in your office? Of course not, because other employees, the cleaning crew, even guests walking around your office would be able to access your system with your account. When I read Brian Kelly's post on passwords in files, that's what I thought of. Sticking credentials in a file, where they're subject to any kind of search, is a bad idea.

However, this happens all the time. Combine this with a few other "common practices" like using sa to connect to a database and building dynamic SQL, and you might as well just set blank passwords and invite someone to have fun with your database. It's sad that we continue to see these types of software development practices in 2014, and it's especially poor to see them from companies that sell software.

 

Read the rest of "Good Practices for Software Development" at SQLServerCentral.