We have several test databases that our support staff need to use. These systems have actual production data. For security reasons, what is the proper and concise argument for each user having their own login versus a generic login for the entire team? How does identifying the public IP play into knowing who is logging in when?
1 Answer
From a security POV there are fewer risks with per-user logins and it is a good idea as you can get much finer control as to who can read and write to what tables - as well as better logging.
There are (manageable) disadvantages to this approach, but they are not around reduced security. These include:
- Greater likelihood of breaking the application by having incorrect permissions.
- Greater management complexity.
- Risk of incomplete backups.
Allowing database connections from a public IP is a bad idea. Logging public IPs gives a crude indication of the user accessing the data. This can be much more securely implemented by requiring remote users to connect to your network across a VPN so they become part of your LAN. This has multiple advantages including greater protection of who can see the database, better control of access, and ensuring data is not communicated unencrypted across the wider internet - which prevents third-party snooping and man-in-the-middle attacks.
It sounds like the company is prioritizing ease of development over security. That probably won't end well.
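The logging difference between a shared login and per-user logins, as an added example that is not part of the original answer. The team names, login names, statements and documentation-range addresses are constructed, and the table of who sits behind which public address is an assumption made for the illustration.

```python
from collections import Counter

# Everything below is constructed for illustration (RFC 5737 addresses).
TEAM = {"alice", "bob", "carol"}
SHARED_LOGINS = {"support": TEAM}                 # one password, whole team
PER_USER_LOGINS = {name: {name} for name in TEAM}  # one login per person

# Assumed knowledge of who can appear behind each public address.
IP_USERS = {
    "203.0.113.10": TEAM,        # office NAT: everyone shares it
    "198.51.100.7": {"carol"},   # carol's home connection
}

# (time, login, source_ip, statement) as a connection/audit log records it.
SHARED_LOG = [
    ("09:01", "support", "203.0.113.10", "SELECT * FROM customers"),
    ("09:05", "support", "203.0.113.10", "UPDATE orders SET status = 'void'"),
    ("21:30", "support", "198.51.100.7", "SELECT * FROM customers"),
    ("22:10", "support", "192.0.2.55", "DELETE FROM orders"),
]
# The same activity recorded with individual logins.
PER_USER_LOG = [
    ("09:01", "alice", "203.0.113.10", "SELECT * FROM customers"),
    ("09:05", "bob", "203.0.113.10", "UPDATE orders SET status = 'void'"),
    ("21:30", "carol", "198.51.100.7", "SELECT * FROM customers"),
    ("22:10", "bob", "192.0.2.55", "DELETE FROM orders"),
]

def candidates(event, login_holders):
    """People consistent with one record, given its login and source IP."""
    _, login, ip, _ = event
    holders = login_holders.get(login, set())
    # An address we know nothing about narrows nothing down.
    return holders & IP_USERS.get(ip, holders)

def attribution_report(log, login_holders):
    """Map 'number of possible people' -> 'number of records'."""
    return Counter(len(candidates(e, login_holders)) for e in log)

def unknown_sources(log, login_holders):
    """Records from addresses not in IP_USERS, with who could be behind them."""
    return [(t, login, sorted(candidates((t, login, ip, s), login_holders)))
            for t, login, ip, s in log if ip not in IP_USERS]

if __name__ == "__main__":
    print("shared  :", dict(attribution_report(SHARED_LOG, SHARED_LOGINS)))
    print("per-user:", dict(attribution_report(PER_USER_LOG, PER_USER_LOGINS)))
    print(unknown_sources(SHARED_LOG, SHARED_LOGINS))
    print(unknown_sources(PER_USER_LOG, PER_USER_LOGINS))
```

With the shared login, the source address singles out one person only for the home connection; with per-user logins every record names one account, including the one from an unrecognised address.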