I learned from the many years I was a DBA before retiring a few years ago that there are several things you can and should do to make the application front end and database work smoothly and safely. They include:
- Never use single sign-on to manage the user connections to the database. Set them up inside the database and make sure the data in that user table is encrypted. This prevents a person that has gained access to the network from gaining access to the database of important information.
- If you have to copy the application and database to a new server for upgrades and testing, copy everything including the report engine, application, etc., and do not rely on anything from the production side to do any testing with the new system. It is very easy to get the database, reports, apps, etc. mixed up and bugger the production system.
- If possible, keep the application and database off the domain or in a separate small domain away from everything else. This prevents the possibility of the database getting hacked into easily.
- Minimize the number of users who can access the application and database servers, especially the production system. Generally we allowed the sysadmin, backup sysadmin, DBA and backup DBA (when I had one) to actually be able to connect to the server box directly. You can see the reason why, I would guess.
- When making a copy of either the application or database, use a "diff" program like Oracle has so you can verify everything has been moved and not cause problems if pieces of the database or application are missing. This can be minimized if the test server(s) have similar naming for directories and other things.
Generally these things are done when designing the overall system, and I teach this in one of the database/business systems design classes. We use Oracle as the database, but these rules can work with any database and any front end.