Question

SQL Server worst practices

Hardware, Database Management Systems, SQL Server, Administration, Availability, Backup & recovery, Migration, Modeling, Normalization, Performance/Tuning, Security, CE/Mobile, Standard Edition 2000, Version 7 and earlier, Development

Hello,
My name is Nick Bellistri and I am the assistant site editor for SearchSQLServer.com. Jeremy Kadlec, a performance and tuning expert at SearchSQLServer.com, recently wrote up what he considers some of the worst SQL Server practices and offered recommended fixes. You can see the list here: http://searchsqlserver.techtarget.com/tip/1,289483,sid87_gci1071463,00.html.

In response to this tip, several readers submitted their own worst practices ? and now we?d like to hear from you. Whether you left system performance out of your requirements analysis or you know someone who has no dedicated development and test environments, send us your worst practice and you will be eligible to win a TiVo Series 2 40-hour DVR.
Please submit your tips here:
http://searchsqlserver.techtarget.com/tips/0,289484,sid87,00.html

Thanks for your time.

Nicholas Bellistri
Assistant Editor
SearchSQLServer.com

#1 - default install while attached to the network - you can lose the system before entering a password for the SA.

#2 - The multiple applications that install MSDE without a password on SA or don't require that step during install.
(Two parties at fault - the app maker for not telling you and helping make it secure. And the user for not knowing what the application is installing, especially on a production machine.)

#3 - Applications with a default user & default password. Some apps give security control to this 'superuser'. With SQL set to be a transparent service, a hacker with user/password can troll for your server using odbc connections.