I am a mechanical engineer first and my company's go-to sysadmin second. So software development isn't really my main field of expertise buuttt:


Yesterday I started to migrate some stuff from our old Win 2008 Server to the new 2016. Turns out there are some MS SQL Express Servers running. A quick check of what they are, and it turns out that they are actively used. So far so good. For other reasons we have a new MSSQL 2017 Core Licence. So I thought, hey, it would be nice to just move those 2012, 2008 and 2014 Express Servers to a real one that can use the entire machine's capabilities.
After some trial & error with exporting one of the softwares (where I had to elevate one of the users' rights to sysadmin for reasons) the entire system stopped working. I didn't delete anything or change anything! Well, I elevated user rights. After 2 hours of support call it turns out that the software stopped working 'cause I gave the database user sysadmin rights. I don't know enough about MSSQL to judge whether that is logical or not, but it sounds super illogical and I suspect sloppy software writing on the manufacturer's part. One way or another, the excuse from the telephone support was "yeah, our software is a very fragile child".
After I told all that to my coworkers, two of them were also "yeah, that is just how the [company] software is, you have to be careful with it".

Apparently it broke in the past for other minor stuff.
As an engineer I cannot build bridges that collapse when you use the left and the right lane at the same time. For an architect it isn't okay to build a house where the front door explodes when you open a window. It is not okay for a power tool to go out in a fireball when you accidentally drill plastic with it. But for some weird reason it's socially acceptable for programs to be sloppy, buggy and only working under specific conditions. Since when is it okay for a car only to work when you know specific steps to make it run? Like, throwing your spare key in the gas tank, then kicking the left wheel exactly three times and finally tapping the steering wheel 5 times left, 4 times right. What? That would be ridiculous? But that is exactly how that software works. You have to follow a specific step guide to make it work, EVERY TIME.


  • 1
    IDK about mssql either, but messing with user permissions is usually a big deal, especially for a DB. Maybe it's a bug, but maybe it's some mitigation feature in case of a privilege escalation attack?

    Apart from that, I agree with the pitiful state of some products out there, however software development is very different from physical projects, mostly because it's much more logically complex than a civil engineering project. Each user interaction is a moving part that can cause problems and there's no recipe we can follow that fits all software. Nonetheless I believe we can do better.
  • 1
    @lucaspar in the past I did some stuff with mysql and none of the versions I used ever complained about being able to do more stuff, but I believe that you are right, it's a big deal from a security perspective. But if the software would prevent that, it should show an error message; instead it behaves like there is an error with the db itself. Strange.
  • 0
    Then that application/service should have its own user (kinda a *duh*), so you won't need to mess with the permissions for something else...