It's just Emanuele showing you what you can do in the Microsoft Data Platform

Why RDP'ing into a SQL machine is a bad idea


Guys, you should stop doing this: there are reasons why it’s not recommended to log into the SQL Server machine via RDP, as opposed to using a client on your PC (or another machine).

PS: These recommendations are valid for any DBMS, not only SQL Server

You’re stealing resources from SQL Server

You’re probably logging into your server because there is a problem; do you really want to steal precious RAM and CPU time by launching SSMS (or any other tool) and make the situation even worse?

If your tool crashes, you could bring down the instance with you

Tools are evolving faster day after day, and it’s not uncommon for bugs to be left unchecked by the product team; do you really want to risk bringing down the entire server because your tool is buggy?

If things are really bad, you won’t be able to log in, regardless of where you are

When there are SERIOUS performance problems, i.e. your instance is totally pinned as far as resources go, the only way to log into the instance and do something about it is the DAC (Dedicated Administrator Connection); even if you are on the same machine, trying to log in as usual won’t make any difference.
Enable Remote DAC now and save yourself from future troubles.
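One way to turn on Remote DAC from a client workstation, as an added example that is not part of the original post. It assumes a login that is a member of sysadmin; `MyServer` in the comments is a hypothetical server name.

```sql
-- Added example: run from SSMS or sqlcmd on your own PC, not in an RDP session.

-- 1. Current state. "value" is the configured setting,
--    "value_in_use" is what the engine is running with right now.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'remote admin connections';

-- 2. Enable Remote DAC only if it is off, so the script is safe to re-run.
IF EXISTS (SELECT 1
           FROM sys.configurations
           WHERE name = N'remote admin connections'
             AND CAST(value_in_use AS int) = 0)
BEGIN
    EXEC sys.sp_configure N'remote admin connections', 1;
    RECONFIGURE;   -- takes effect immediately, no restart needed
END;

-- 3. Confirm the setting is now in use.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'remote admin connections';

-- 4. Only one DAC session is allowed at a time: see who, if anyone, holds it.
SELECT s.session_id, s.login_name, s.host_name, s.program_name, s.login_time
FROM sys.dm_exec_sessions AS s
JOIN sys.endpoints AS e
  ON e.endpoint_id = s.endpoint_id
WHERE e.is_admin_endpoint = 1;

-- To use the DAC later from a client (MyServer is a hypothetical name):
--   sqlcmd -S MyServer -A -E        -- -A requests the dedicated admin connection
--   or connect a query window in SSMS to  ADMIN:MyServer
```

The DAC accepts only sysadmin members and a single session, and with this option on it listens on the network (TCP 1434 for a default instance), so the firewall rule for that port should admit only your administration workstations.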

Why letting someone else RDP into the SQL Machine is even worse

Oh boy, here we go; supposing you don’t restrict them in any way, in addition to the problems above they could (I mean, you could too, but why would you?):

Modify the data files and/or corrupt the database

If the data files are accessible and editable, a malicious user can just go in and modify them; the database will immediately become corrupt or, worse, if they know what they’re doing, they could actually change data in tables they shouldn’t have access to.

That’s because data files aren’t encrypted by default, so if you want encryption you have to ask for it; otherwise, don’t allow anybody to come near the files.

Delete everything

Technically this is still data modification as above, but it’s scarier written this way.

Steal Data

Even scarier than losing everything, for the guys in security, is letting someone have your data.
Whoever has access to the machine and the data files, even if their account on the instance itself is super locked down, will be able to read anything they please, just like that.

Just Crash the machine

Why not? Just like that, deliberately.

About the author

Emanuele Meazzo
