Please, Please, Clean Up Those Passwords

March 13, 2009

It took a long time.

It took too long.

We migrated an application's database from one old server to a new server.

The Problem?

As a small to medium business, you probably have software that uses a database. It can be anything from planning software (ERP) to financial software.

These software tools use their own login name and password to connect to that database and update the records that need to be updated when you use your application.

In this case, years ago, when this software application was originally programmed, whenever something did not work properly, the user account that the software code used to access the database was simply given more and more security permissions.

With the graphical tools available today, it is just too easy to click the little button that says dbo or sysadmin.

The Reason It's a Problem?

As a manager in the SME space, you must understand that in the tech business we call these dbo or sysadmin roles God Mode. (Or Goddess if you prefer.)

And they are called God Mode for a reason:

Photo: Hindu Goddess Devi

They are the all-powerful accounts that let their owners completely delete or destroy every database application that you have, if they so desire.

They have the power to create, and the power to destroy.

The obvious first risk is that a malicious hacker or a virus-type program could easily destroy everything if it can get control of that account.

But don’t forget that humans make mistakes too.

A little mistake in some database code...

Well, you will then be running for those backup tapes.

The Fix

The fix was the painful and time-consuming process of combing through everything and putting those security permissions back to what they should be, and that is not God Mode.
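What that combing-through looks like in practice, as an added example that is not part of the original post: a SQL Server (T-SQL) script that first lists every login in the sysadmin server role and every user in db_owner, then strips a hypothetical application account back to the data access it actually needs, and finally verifies the result. The database name AppDb, the account app_svc, the schema app and the role app_rw are constructed placeholders.

```sql
-- Added example, not from the original post. Names (AppDb, app_svc, app, app_rw)
-- are constructed placeholders for a hypothetical application account.

-- 1. Server level: which logins hold the sysadmin role ("God Mode" for the whole server)?
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 2. Database level: who is in db_owner, and which login owns the database itself?
USE AppDb;
SELECT m.name AS user_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';

SELECT name AS database_name, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases
WHERE name = 'AppDb';

-- 3. Fix: remove the application account from the God Mode roles ...
ALTER SERVER ROLE sysadmin DROP MEMBER app_svc;   -- SQL Server 2012+ syntax
ALTER ROLE db_owner DROP MEMBER app_svc;          -- SQL Server 2012+ syntax

-- ... and give it a purpose-built role limited to its own schema:
-- read/write the application's tables and run its stored procedures, nothing else.
CREATE ROLE app_rw;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::app TO app_rw;
GRANT EXECUTE ON SCHEMA::app TO app_rw;
ALTER ROLE app_rw ADD MEMBER app_svc;

-- 4. Verify: what can the application account now actually do?
EXECUTE AS USER = 'app_svc';
SELECT permission_name, entity_name
FROM fn_my_permissions('app', 'SCHEMA');          -- expect only the DML/EXECUTE grants above
SELECT IS_MEMBER('db_owner') AS is_db_owner;      -- expect 0
REVERT;
SELECT IS_SRVROLEMEMBER('sysadmin', 'app_svc') AS is_sysadmin;   -- expect 0
```

On servers older than SQL Server 2012, the role changes in step 3 use the stored procedures sp_dropsrvrolemember, sp_droprolemember and sp_addrolemember instead of ALTER ROLE. Steps 1 and 2 are worth scheduling as a recurring check rather than a one-off cleanup, because the same "just give it dbo" shortcut tends to creep back in with the next troubleshooting session.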

The SMB Takeaway

As smaller organizations, we are often more at risk from this than larger businesses, because they are more likely to have dedicated software development managers and processes.

So make it a regular practice to tell your IT staff or supplier that you want security best practices, including least-privilege database accounts, adhered to in any project that you initiate.


Photo Credit: Jean via gather.com
