Friday, I blogged my Bi-Annual security rant. Just to recap I was having a problem with a commercial tool that has a free version for single programmers (it's more of a team-oriented piece of software, but it helps me manage bugs). After reading their support forums (without an answer), I decided to take another shot. Once again the recap is that I couldn't get this things database to install. It wouldn't run under my account (which is an administrator) using Windows Permissions, and it wouldn't run under an SQL account (that was SystemAdministrator) -- and the rant was that I had given this account a password with Unicode characters.
I tried re-installing this weekend and went ahead and installed for everyone (something I don't always have a plan for... I just take whatever I feel like). I also figured out what the sa user's password was and low and behold it worked... Do I need to really rant on this one?!!?? What if I didn't turn on the sa user because I was afraid of the security risk? [My friend Tim reports that he was able to use Windows Authentication and get it to work, but his SQL server is not on his local box (I think)] BTW, I sent an email earlier today trying to get the company in question to send me the activation email so I could write all this in their forums (where it could be a little more discreet). I've decided to go ahead and post the name of the company and product not to embarass them, but to make others aware of the problem.
The product is Axosoft's OnTime 2005
(I've been using their PowerTrack 2005 for a couple months with zero issues in set up or use... I like the product and the new version sounded appealing... ok, to tell the truth, I upgraded because I saw the word "upgrade" ).
I hope they are summarily embarassed by what I have highlighted and will fix this problem in the future (hardcoded user names are bad in install scripts!)
| posted on Monday, April 11, 2005 2:11 PM