tags:

views:

60

answers:

4
+1  Q: 

Should an ASP.NET application allow administrators to change SQL Server connection?

As the title suggests:

What is your opinion on allowing administrators to update the SQL Server Connection string dynamically from the application versus just showing them the connection details in the application?

Because the database connection is so important and on a heavily used system the abrupt change to the connection seems like it could cause problems. However I would think displaying the server and catalog and whether the connection is using SSPI or SQL Auth could be helpful for administrators who don't like playing with .NET config files.

Thoughts?

+1  A: 

Sounds like two bad ideas. Allowing changes to connection strings while the app is running is sure to cause disruption (broken connections, data out of sync, and who knows what else). And even displaying connection details to anyone (even admins) seems like a dangerous security hole.

What kind of site do you have where this sort of thing would be necessary?

Ray  2010-04-07 20:07:23
The install page for wordpress does this (well, the php equivalent), precisely because wordpress users aren't expected to be very smart sysadmins.
MatthewMartin  2010-04-07 20:11:53
I suppose it makes sense on an installation. Might also make sense on a single-user system where the user needs to connect to different dbs (production vs archive, for example).
Ray  2010-04-07 20:14:48
Ray, The details would only be shown to someone who has the highest of authorization permission, in other words the system administrator who setup the application. The point is they can simply log in to the application to verify the application is using DB server XYZ and Database 123 oh and it is using integrated authentication.I am of the opinion that changing the DB settings is not a good idea but I wanted to see what others thought.BTW, as a note this would be an intranet only application.
Brent Pabst  2010-04-08 20:58:50
I guess I am used to working on sites where the people who need to know this info already know it, and it never changes unless there are major upgrades, hardware migrations, etc. All situations which are handled by developers and/or DBAs who are quite comfortable with config files.
Ray  2010-04-09 12:10:08
A: 

Requires that your application run in full trust, otherwise it's just using the System.Web.Configuration namespace:

http://www.beansoftware.com/ASP.NET-Tutorials/Modify-Web.Config-Run-Time.aspx

On any change to the web.config the app will recycle, so still isn't something you'd want to in the middle of the day if sales might be in flight.

Also, usually authentication and authorization relies on the database. So if you can't authenticate and authorize, you won't be able to get to the admin page to change the connection string! (Unless your authorization and authentication has nothing in it that touches the database, at least for the admin page your considering)

MatthewMartin  2010-04-07 20:10:16
Thanks for the post, I am aware of how to change the settings, but really wanted opinions on if people have done this before or not.
Brent Pabst  2010-04-08 20:59:49
+1  A: 

How are you identifying administrators? Presumably not by looking at the database. Because if you do use the db and then change the database to another server, it's possible they aren't administrators or there's no database, and then bam - they can't get in to fix it.

Typically, I like to do maintenance on this out-of-band (the config file or even in Active Directory, so it's in a centrally administered resource). We also typically have application administrators (roles, maintenance, approvals, workflow-related "administrators") who really are not system administrators in a technical sense. And often, we do not allow system administrators as user, managers or administraors within the application. i.e. I might have a purchase order system administrator who can void a purchase order, but they can't change a database connection and I have a sys admin who can't even create or approve a purchase order, let alone void one, but they can change the database connection in the config or in Active Directory as part of an upgrade or migration.

I agree that a debug page, help page or about page can be useful to show information to both system administrators and application administrators. Whether they should be allowed to change things there really depends.

Cade Roux  2010-04-07 20:46:01
A: 

Personally I don't like letting administrators change ANYTHING on a live site. All configuration changes should go through the same version-controlled, time-stamped, user-attributed, build-system-checked process that source code goes through. Only then can you draw connections "this stopped working at time X because user Y changed configuration A at time B".

An extreme view on the topic I know, but given the huge proportion of downtime that can be traced back to operator error I believe is justified, and I honestly can't understand the fascination people have for being able to edit fragile XML files on live servers where a single extra '>' can bring the entire site down.

Hightechrider  2010-04-07 21:13:14
That's not really acceptable in my opinion. Simple application settings that may be stored in appSettings section may be updated all the time, obviously it causes an App Pool recycle but those settings really have nothing to do with version control, especially if this is a publicly available product.Plus if an administrator truly wanted to change something on the site they only have to update the config file through remote desktop and your application could only catch the recycle and restart of the site.
Brent Pabst  2010-04-08 21:03:23
It's certainly not for everyone but in my experience running large system with millions of users, allowing adminstrators to change configuration settings on live servers manually with no checks and no audit trail is a very bad idea. The process of editing the configuration file, checking it in, watching it pass tests and get deployed automatically isn't that bad. Use a separate source control system if you like just for configuration settings. The benefits of having an audit log showing who changed what/when and being able to tie that to event logs from the site have proved significant.
Hightechrider  2010-04-08 21:36:56
Oh, and to the point that an admin could still change it, yes, they could if you decide to leave it in in XML still, which, incidentally, you have no reason to do now that it's passing through the build system - use strongly-typed C# if you like for settings with unit tests, code contracts and such like to check them too). But you also have an operations manual, operating procedures, and access controls limiting who can make changes on servers.
Hightechrider  2010-04-08 21:41:21

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP