homebrew
Posting Yak Master
114 Posts
Posted - 2008-10-03 : 11:10:41
I've started a new position, and now that I've got the backups straightened out, I need to tackle security. We have a mix of 2000 and 2005 environments, and security is pretty lax. There are applications that connect using 'sa'. I don't know what type of connection string they use. There are several developers with sysadmin rights, who create databases as needed. They need databases frequently for individual clients that we take on work for. Later they will get archived & removed. There are no standards or audit trails for pushing code to production and making DB changes. Practically all logins are created individually on each SQL server (mostly Windows accts, a few SQL logins), but virtually no AD groups for SQL. So, I think I know where I'd like to be, but I'm wondering if anyone has any suggestions about what should be accomplished, and how to do it carefully without breaking any existing applications, or stepping on toes too much. TIA
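Added illustration, not part of homebrew's or TG's posts: read-only T-SQL inventory queries that show which logins hold sysadmin, which hosts and programs are connected as 'sa' right now, and how many individual Windows logins exist versus Windows groups, so the cleanup can be planned without breaking existing applications. The catalog views assume SQL Server 2005; the SQL Server 2000 equivalents at the end use master..syslogins and master..sysprocesses.

```sql
-- Added example (not from the thread). Run as a sysadmin; nothing is changed.

-- 1. Who is in the fixed server role sysadmin (SQL logins, Windows logins, Windows groups).
SELECT  m.name        AS member_login,
        m.type_desc   AS login_type,     -- SQL_LOGIN / WINDOWS_LOGIN / WINDOWS_GROUP
        m.is_disabled
FROM    sys.server_role_members rm
JOIN    sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE   r.name = 'sysadmin'
ORDER BY m.name;

-- 2. Sessions currently logged in as 'sa'. host_name and program_name identify
--    the application whose connection string needs a dedicated, least-privilege login.
--    This is a point-in-time view, so sample it over a working day.
SELECT  s.session_id,
        s.host_name,
        s.program_name,
        s.login_time,
        s.last_request_end_time
FROM    sys.dm_exec_sessions s
WHERE   s.login_name = 'sa'
  AND   s.is_user_process = 1
ORDER BY s.login_time;

-- 3. Login inventory by type. Many WINDOWS_LOGIN rows and few WINDOWS_GROUP rows
--    is the "everyone added individually, no AD groups" pattern described above.
SELECT  type_desc, COUNT(*) AS login_count
FROM    sys.server_principals
WHERE   type IN ('S', 'U', 'G')          -- SQL login, Windows login, Windows group
  AND   name NOT LIKE '##%'              -- skip internal certificate-based logins
GROUP BY type_desc;

-- SQL Server 2000 equivalents (no catalog views / DMVs on that version).
SELECT  name, isntgroup, isntuser
FROM    master..syslogins
WHERE   sysadmin = 1;

SELECT  spid, hostname, program_name, login_time
FROM    master..sysprocesses
WHERE   loginame = 'sa';
```

The session query only shows connections open at that moment, so an application that connects briefly on a schedule can be missed; rerunning it periodically before retiring 'sa' for applications avoids surprises.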
TG
Master Smack Fu Yak Hacker
6065 Posts
Posted - 2008-10-03 : 13:30:29
Some thoughts: I would first put together a document that outlines your objectives, then get the "main players" together in a room (or at least your boss) to let them see where you'd like to be. Nobody likes surprises. Hopefully that will include separate environments. At least Dev and Prod, but ideally a QC/Acceptance thrown in there too. Your plan can cover a few areas, one being a defined development cycle that would describe who does what where, who has access to prod, and how a project moves through the cycle. Another area would be your new application security policies. You may want to ask for input from developers as to what kind of effort would be involved to implement your proposed changes. That way they can be "introduced" to what changes are coming and have some input/control on how that happens.

Be One with the Optimizer
TG