When too much security kill security

Wednesday, July 21, 2004

This story just happens to me. I host one project with a UK company (UK hosting).

Reliable, nothing to complain about until last week. For some unknown reasons, I couldn't have access to the database using Enterprise Manager.

After a series of emails (for god sake hosting companies should have a better support !), I just received an amazing answer from them.

"
Due to security reasons we will need to allow the IP address you are
connecting from, throuh our firewall to access using Enterprise Manager.
Please let us know what your IP is.
"

I think this is a first for me. Guys I don't know for you, but I develop from different machines and in different places.

How I am supposed to have a fix IP address ? :-))

3 Comments

That's pretty standard...and I'm surprised they haven't enforced that previously. Exposing the SQL Server administration ports on the net (which is essentially what you're asking them to do) is kind of asking for trouble. Many hosts just won't allow any access of this type instead insisting on secure connections to something like remote desktop or PC Anywhere (or if you're really unlucky TimbukToo) - you can then access SQL Server Enterprise manager from the machine desktop. I'd be surprised if you couldn't suggest one or two ips which would cover every machine you work on (I certainly could get away with 2 ips...)

Scott Galloway - Wednesday, July 21, 2004 12:12:00 PM

Hi Scott. Well the problem is my Broadband access has no fix IP. At office, yes I control my own network, but the IPs I use are private ones, and it's quite a complicated story but I can't give any fix IPs there too.

I also like the flexibility to use my laptop or any other Enterprise Manager wherever I want. After all, they setup an access with username and password, and they lock the sa access, so I don't see where is the problem.

The main issue I have anyway is their unilateral decision to change their policy without consulting their clients :-(

Paschal - Wednesday, July 21, 2004 12:26:00 PM

Fair enough, their decision to change without consulting is unfortunate - but I still think their decision is the correct one. The best alternative for you would therefore seem to be accessing the machine desktop remotely, clients like PC Anywhere will let you use a certificate on the client to do this...worth discussing it with your host - likely that the prospect of losing business will open up some possibilities for you...

Scott Galloway - Wednesday, July 21, 2004 12:54:00 PM

Comments have been disabled for this content.