Pin code or other security for production connections

I am a careful person who does not like to have connections to production environments beyond the exact time scope I need them.
But it also sucks to constantly set up and delete connections.

Currently I have set up a read only user on sql server which partially solves this but for any third party managing to access my computer it still means they can read and query data.
But at least it solves me writing to a production database by accident.

However, if we could have a connection that required authentication something like pin, fingerprint or similar and that times out somewhat quickly would solve both my annoyance at setting up and then removing a connection every time I want to write to the db manually and also that it does not need to leave connections open long term even in read only mode, mitigating the risk somewhat if someone accesses my computer.

I can imagine many solutions, such as "unlocked until screensaver" or timeout or similar


  • Options
    edited May 2022

    Maybe an option in the login details (for the default drivers) to provide auth for first run and refreshes of the connection. Like an option to not save the credentials, just the connection settings.

    edit: reread, ah yes a pin would make that easier. 😅

  • Options

    Could be a big job to handle PINs securely - not sure how easy Microsoft's TPM libraries are to use.

    Are you trying to protect against someone accessing your computer physically after you've left it unattended and unlocked, or a remote attack?

  • Options

    Honestly, for me, the biggest thing is that I don't by mistake do changes in a production database thinking it's a dev db.

    So for me the added security is a sweet bonus but not my main worry, but I would say most likely is when I leave computer unattented (or someone snatches it). But again, for me, this is secondary!

  • Options

    Any chance for this feature?

    Even with a simple implementation and somewhat weak security it would be a huge boon.

  • Options

    In terms of protecting you from accidentally changing a production database, does the orange bar that displays in the query margin when you check "Contains production data" do the job, and if not, could the warning be improved?

  • Options

    It does and it's certainly a step in the right direction.

    But for me a dev (rather han ops) I spend 99% of my time in staging and dev environments. So I don't much look for it. That is why for me a simple pin (even if imperfect security) would be by far the best.

  • Options

    Hi!. Looking for something that prevents me to make changes to a production database.

    Sorry if this thread is obsolete or something like this is already implemented.

    I like the Contains production Data as a warning, but it would be great a "Readonly Mode" checkbox, that forces the code to stop executing (or refuses to execute the script) if there is any insert/update/delete to the database

  • Options

    All this could really do is prevent updates through SubmitChanges and the interactive "Edit Table" feature. There are plenty of other ways to effect changes, such as this.ExecuteCommand, or by calling a stored procedure. Also, it would do nothing at all in SQL mode, other than impart a false sense of security. What you really need is another login with read-only permissions. (It would be great if SQL Server supported an option in the connection string that did the same job.)

  • Options

    I guess you could respond by suggesting a "Prevent updates via SubmitChanges" checkbox instead of "Readonly mode" checkbox. Would this be useful?

Sign In or Register to comment.