Please, Please, Clean Up Those Passwords
March 13, 2009
It took a long time.
It took too long.
We migrated an application's database from an old server to a new server.
As a small to medium business, you probably have software that uses a database. It can be anything from planning software (ERP) to financial software.
These software tools use their own login name and password to connect to that database and update the records that need to be updated when you use your application.
In this case, years ago, when this software application was originally programmed, if there was something that did not work properly, the user account name that the software code used to access the database was just given more and more security permissions.
With the graphical tools available today – it is just too easy to click the little button that says dbo or sysadmin.
The Reason It's a Problem?
As a manager in the SME space, you must understand that in the tech business – we call these dbo or sysadmin roles God Mode. (Or Goddess if you prefer)
And they are called God Mode for a reason:
They are the all-powerful accounts that let their owners completely delete or destroy every database application that you have, if they so desire.
They have the power to create, and the power to destroy.
The obvious first risk is that a malicious hacker or virus type program could easily destroy everything if it can manipulate that account.
But don’t forget that humans make mistakes too.
A little mistake in some database code……
Well, you will then be running for those backup tapes.
What took so long was the painful and time-consuming process of combing through everything and putting those security permissions back to what they should be – and that is not God Mode.
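The permission clean-up described above, sketched as an added example that is not from the original post. It assumes Microsoft SQL Server (where the dbo and sysadmin roles live); the database `ErpDb`, the application account `erp_app` and the role `erp_app_role` are hypothetical names.

```sql
-- Added example. Hypothetical names: ErpDb, erp_app, erp_app_role.

-- 1. Server level: which logins hold the sysadmin fixed server role?
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. Database level: which users are members of db_owner in the
--    application's database? Application accounts should not appear here.
USE ErpDb;
SELECT m.name AS user_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;

-- 3. Give the application account a role that carries only what it needs.
--    Schema-wide read/write/execute is shown as a starting point; narrow it
--    to individual tables and procedures where the application allows.
CREATE ROLE erp_app_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO erp_app_role;
GRANT EXECUTE ON SCHEMA::dbo TO erp_app_role;
EXEC sp_addrolemember N'erp_app_role', N'erp_app';

-- 4. Only after the application has been tested with the new role,
--    take the account out of God Mode at both levels.
EXEC sp_droprolemember N'db_owner', N'erp_app';
EXEC sp_dropsrvrolemember N'erp_app', N'sysadmin';
```

Run steps 1 and 2 again afterwards to confirm the application account no longer appears in either list.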
The SMB Takeaway
As smaller organizations, we are often more at risk from this than larger businesses, because larger businesses may have dedicated software development managers and processes.
So make it a regular practice to communicate to your IT staff or supplier that you want security best practices adhered to in any project that you initiate.
Photo Credit: Jean via gather.com