DBAsupport.com Forums - Powered by vBulletin
Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: What do you think about one username and Password for all database

  1. #1
    Join Date
    Jun 2000
    Location
    dumfries,va,usa
    Posts
    227
    Hi all,

    I'm trying to argue with my client that having one (dba) username and password for all the databases, from development thru test is not a good idea for security reasons. Could someone point me to any Best practices literature that supports my stance. Comments are also welcome for or against!

    Thanks,
    leonard905
    leonard905@yahoo.com

  2. #2
    Join Date
    Jun 2000
    Location
    dumfries,va,usa
    Posts
    227
    correction !! I meant from development to production. having one dba account username/password.
    leonard905
    leonard905@yahoo.com

  3. #3
    Join Date
    Feb 2000
    Location
    Washington DC
    Posts
    1,843
    Only One dba... I don't see the problem. If its DBA-Team then the passwords should be different for all the instances and the responsible DBAs for specific instances should know the passwords. If someone is gonna be backup for 'em they have to let 'em know the passwords and change the passwords as soon as they are outta backup responsibilities.

    Reddy,Sam

  4. #4
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    It depends on your environment. If you have more than one DBA group, then yes, you might be able to justify having more than one username/password. Of course, if all your DBAs in group1 are in a meeting, do you want group2 to be able to resolve problems on your database?

    A single username/password works in my environment. My DBAs are responsible for all instances in all environments; production, test, & development. Sure, I had a fight on my hands from the developers when I first put this plan in place. But in the long run, things are MUCH more stable because DBAs do the DBA work and developers write the code.
    Jeff Hunter

  5. #5
    Join Date
    Jun 2000
    Location
    dumfries,va,usa
    Posts
    227
    Thanks though.

    However I think I might have stated the question incorrectly! I mean One username/password for the DBA group for ALL databases. That is scott/tiger for dev, test, pre-prod,production, etc!!

    Thanks,
    leonard905
    leonard905@yahoo.com

  6. #6
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    Originally posted by marist89
    It depends on your environment. If you have more than one DBA group, then yes, you might be able to justify having more than one username/password. Of course, if all your DBAs in group1 are in a meeting, do you want group2 to be able to resolve problems on your database?

    A single username/password works in my environment. My DBAs are responsible for all instances in all environments; production, test, & development. Sure, I had a fight on my hands from the developers when I first put this plan in place. But in the long run, things are MUCH more stable because DBAs do the DBA work and developers write the code.
    Jeff Hunter

  7. #7
    Join Date
    Feb 2000
    Location
    Washington DC
    Posts
    1,843
    If DBA team doesn't give out the passwords, that should be okay. Its not gonna hurt... There are advantages and disadavantags... Simple example... I don't know another DBA password (as I don't deal with those databases), there was an emergency ? The Director left with no option than getting it done from his DBA with wait time...

    Its all depends on coordination between DBA-Team and depends on # of databases too... At some client sites there were around 18 databases (prod,qa,devt) on my head...outta 105 databases in the network. C'mon tell me whats the posiibility of having different passwords ?

    So its specific to specific scenario... but better to choose little cryptic passwords(includes numbers, symbols and capitals etc.,) than simple words..

    Reddy,Sam

  8. #8
    Join Date
    Jun 2000
    Location
    dumfries,va,usa
    Posts
    227
    I agree with you about the simplicity of managing the dbs. But doesn't this carry a lot of risk. What if someone gets the password; this person can wreck havoc of great magnitude to any of your databases from production to dev. I would think at a minimum, you should have a separate password for production.

    Thanks,
    leonard905
    leonard905@yahoo.com

  9. #9
    Join Date
    Feb 2000
    Location
    Washington DC
    Posts
    1,843
    Originally posted by leonard905
    What if someone gets the password;
    How someone gets the password without you giving him OR you writing some where OR allowing you to someone to watch while typing OR you hard coding it in any of your scripts with read privileges for others ??? Is this someone of your company staff/hacker ? you are worrying about...

    Reddy,Sam

  10. #10
    Join Date
    Jun 2000
    Location
    dumfries,va,usa
    Posts
    227
    let's say hacker, for augument's sake
    leonard905
    leonard905@yahoo.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width