Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


live databases (MSSQL)

Posted on 2014-07-15
Medium Priority
Last Modified: 2014-07-20
We are doing some risk assessment work on some older SQL Servers. There are a few instances that seem to be hosting databases that drive a number of differernt applications.

1) What potential risks are there here is storing databases from different applications on the same instance?
2) And can you think of any logic why an admin would set things up this way (typically cost cutting in this company!)
3) Is there any easy way to determine if these databases are live/being used? Where could you look for clues as to whether these databases are actively in use/being updated etc? Any queries which could help? Some may be orphaned and just never been removed.
4) Is there any risk in leaving old orphaned databases on a live database server?
Question by:pma111
1 Comment
LVL 18

Accepted Solution

Jerry Miller earned 2000 total points
ID: 40197234
As long as you have separate log in credentials for each application, there should be minimal security risk associated with having multiple databases on the same instance. That being said, your programmers  should also be following good practices like having an application ID that can only access a schema of stored procedures. This schema is the only area of the database where the application can interact with the database and all of the code uses stored procedures. Applications should never have full admin access to the database. If they need full access to function, they should probably be re-written.

Cost cutting would most likely be the reason to set up this way. I believe that SQL licensing can be done on a per server basis, but you would have to check how your pricing is set up.

Do you have application contacts for the databases? Reach out to them and see which of these are still necessary. With no contact information, you can look at any log tables in each database and see the most recent entries. There should be some sort of table at least capturing log in data for each application. If you know it isn't a mission critical application, you could disable log ins for the database and see if anyone screams. But I would be real sure that you aren't disrupting the business and that you have exhausted other avenues before disabling log ins. That could be a very bad resume generating event if you stop the business from running just 'to see' if the application was active. You should be pretty sure that it is a dead application before disabling log ins.

Orphaned databases wouldn't cause any issues unless you are running out of disk space.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Access has a limit of 255 columns in a single table; SQL Server allows tables with over 255 columns, but reading that data is not necessarily simple.  The final solution for this task involved creating a custom text parser and then reading…
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question