Reply to post: "and thought it was ok to include the production password?"

First-day-on-the-job dev: I accidentally nuked production database, was instantly fired

LDS Silver badge

"and thought it was ok to include the production password?"

Nobody but the DBAs in charge of the production database should have had them. And each of them should have had separate accounts (because of auditing, etc.). Database owner credentials should be used only for database/schema maintenance - after the scripts have been fully tested (and at least a backup available). They should never be used for other tasks. Any application accessing the database must have at least one separate account with the only the required privileges on the required objects (which usually don't include DDL statements).

All powerful accounts (i.e. Oracle's SYS) should be used only when their privileges are absolutely necessary, and only by DBAs knowing what they're doing. Very few developers, if any, should have privileged access to the production system, and they must coordinate with DBAs if they need to operate on a production system for maintenance or diagnostic needs. DBAs should review and supervise those tasks.

But I guess they have followed the moronic script I've seen over and over (and stopping the bad habits usually encountered a lot of resistance):

1) Developers are given a privileged account when the application is first created, so they can create stuff without bothering the DBA.

2) Developers write an application that runs only with a privileged account, and doesn't allow separate database users (granting permissions to other users is a boring stuff, as writing stored procedures to control accesses to things). DBAs are happy because they have to work little.

3) The privileged account credentials are stored everywhere, including the application configuration files, unencrypted, so everybody knows them

4) The development systems becomes the production system. DBAs don't change anything because of fear something doesn't work.

5) Developers still retain access to the production system "to fix things quickly", and may even run tests in production "because replicating it is unfeasible".

6) DBAs are happy developers can work on their own so they aren't bothered.

7) Now that you have offloaded most tasks to developers, why care of backups? Developers will have a copy, for sure!

8) Then comes a fat-fingered, careless new developer....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020