Pin code or other security for production connections

I am a careful person who does not like to have connections to production environments beyond the exact time scope I need them.
But it also sucks to constantly set up and delete connections.

Currently I have set up a read only user on sql server which partially solves this but for any third party managing to access my computer it still means they can read and query data.
But at least it solves me writing to a production database by accident.

However, if we could have a connection that required authentication something like pin, fingerprint or similar and that times out somewhat quickly would solve both my annoyance at setting up and then removing a connection every time I want to write to the db manually and also that it does not need to leave connections open long term even in read only mode, mitigating the risk somewhat if someone accesses my computer.

I can imagine many solutions, such as "unlocked until screensaver" or timeout or similar


  • edited May 2022

    Maybe an option in the login details (for the default drivers) to provide auth for first run and refreshes of the connection. Like an option to not save the credentials, just the connection settings.

    edit: reread, ah yes a pin would make that easier. 😅

  • Could be a big job to handle PINs securely - not sure how easy Microsoft's TPM libraries are to use.

    Are you trying to protect against someone accessing your computer physically after you've left it unattended and unlocked, or a remote attack?

  • Honestly, for me, the biggest thing is that I don't by mistake do changes in a production database thinking it's a dev db.

    So for me the added security is a sweet bonus but not my main worry, but I would say most likely is when I leave computer unattented (or someone snatches it). But again, for me, this is secondary!

  • Any chance for this feature?

    Even with a simple implementation and somewhat weak security it would be a huge boon.

  • In terms of protecting you from accidentally changing a production database, does the orange bar that displays in the query margin when you check "Contains production data" do the job, and if not, could the warning be improved?

  • It does and it's certainly a step in the right direction.

    But for me a dev (rather han ops) I spend 99% of my time in staging and dev environments. So I don't much look for it. That is why for me a simple pin (even if imperfect security) would be by far the best.

Sign In or Register to comment.