People are always concerned about security when it comes to their data. I don’t blame them: I love keeping my job and I love to protect the sensitive data we store. You also don’t want someone with little SQL skill going in and running huge queries that bring the server to a screeching halt. In all honesty though, security has a HUGE aspect that is outside the realm of anyone’s technical expertise: it’s the “social factor” of security that is tricky.
I was notified by a colleague that individuals are giving out SQL Server Login passwords to contractors. Office politics can be tricky sometimes, so I have devised an email template to deal with such a situation. Make sure you replace my name with yours before sending it out and feel free to customize the seasonal aspects of the email (i.e. weather). May your trials with Social Engineering be successful!
Looks like today’s weather will be fantastic. I hope you all enjoy taking a break at lunchtime and heading out to enjoy the last few days of nice weather before winter arrives. Speaking of winter arriving, it usually brings with it bitter cold that can crack the skin on your knuckles if you’re not properly protecting your hands with gloves.
Similarly, our databases need protection. They’re not affected by temperatures below 0 °C (32 °F for those of you who refuse to use the metric system). However, they still need protection from unauthorized access. As a general rule, we do not give out our passwords for SQL Logins to contractors. The reason is that we can no longer track what they have access to, because the username and password for a SQL Login can give them access to multiple servers and environments. Some of you might be thinking, “Ayman, you’re an idiot, we can just change the password after!” You’re absolutely correct, and after changing the password we would have to change every application that has the password information in it 🙂. We also do not give out these passwords to people outside of IT without explicit permission from upper management (not sure who that would be but now I’ve just covered my bases).
In conclusion, it’s a wonderful day. Let’s try to keep it that way by not giving out our passwords to Temps, Contractors, and non-IT folks. If they need access to something, a request can be made via the SDE ticketing system.
Thank you for your time, patience, and co-operation. Enjoy your day!