locked
security impact: developers access to live database RRS feed

  • Question

  • Dear all,

    Thanks for reading this topic.

    We want to restrict the permisson of our developers to access our live database because we don't want our developers to modify live data directly. we had disabled their window authentication login. However they hold the sql server login for our application which is saved in web.confg file (asp.net application). Sometimes, they need to login to the our webserver to debug the web application. In this case, they are able to login to server by the application login which is what we want to prevent from. 

    Please share your idea with me. Thanks a lot.

    Regards,

    cn2500 

    Thursday, January 27, 2011 2:37 PM

Answers

  • So they need to connect to production at some times, but not regularly? If you can't change the application login password and keep the developers from using it, you might consider using the firewall on the SQL Server computer to block the developers domain credentials. That is, I assume that when they connect using the app password, they are still logged in using their Windows credentials, and the connection knows who is connecting, so the firewall could block them. Or even block all connections that aren't from the application computer, or some subset of authorized computers or users. There are some possible problems here. If they can connect through the app, instead of just with the app password, then Windows might think it's the app that is connecting. And when you do want the developers to connect, you would have to go disable the firewall rule, let them do their work, and then re-enable the firewall rule.


    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty
    Thursday, January 27, 2011 10:29 PM

All replies

  • I would set up a dev database and refresh it at a regular basis so the developers have what they need.  Letting developers into production data is a really really bad idea so change that password and limit the folks who can edit the web.config file to a few trusted admins.

    Thursday, January 27, 2011 7:21 PM
  • So they need to connect to production at some times, but not regularly? If you can't change the application login password and keep the developers from using it, you might consider using the firewall on the SQL Server computer to block the developers domain credentials. That is, I assume that when they connect using the app password, they are still logged in using their Windows credentials, and the connection knows who is connecting, so the firewall could block them. Or even block all connections that aren't from the application computer, or some subset of authorized computers or users. There are some possible problems here. If they can connect through the app, instead of just with the app password, then Windows might think it's the app that is connecting. And when you do want the developers to connect, you would have to go disable the firewall rule, let them do their work, and then re-enable the firewall rule.


    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty
    Thursday, January 27, 2011 10:29 PM