Why RDP'ing into a SQL machine is a bad idea


Guys, you should stop doing this; there are reasons why it’s not recommended to log into the SQL Server machine via RDP instead of using a client on your PC (or another machine).

PS: These recommendations are valid for any DBMS, not only SQL Server.

You’re stealing resources from SQL Server

You’re probably logging into your server because there is a problem; do you really want to steal precious RAM and CPU time by launching SSMS (or any other tool) and make the situation even worse?

If your tool crashes, you could bring down the instance with you

Tools are evolving faster day after day, and it’s not uncommon for bugs to slip past the product team unchecked; do you really want to risk bringing down the entire server because your tool is buggy?

If things are really bad, you won’t be able to log in, regardless of where you are

When there are SERIOUS performance problems, i.e. your instance is totally pinned as far as resources go, the only way to log into the instance and do something about it is the DAC (Dedicated Admin Connection); even if you are on the same machine, trying to log in as usual won’t make any difference.
Enable Remote DAC now and save yourself from future troubles.
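
One way to enable and verify Remote DAC, as an added example that is not part of the original post. It assumes you are connected as a member of sysadmin; `<your-server>` is a placeholder.

```sql
-- Added example: enable the remote Dedicated Admin Connection and verify it.
-- Run from a client machine while the instance is still healthy.

-- 1. Current state. With value_in_use = 0 the DAC only listens on loopback,
--    so it can only be used from the server itself.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'remote admin connections';

-- 2. Let the DAC accept connections from remote clients.
--    This is not an advanced option and does not need a restart.
EXEC sys.sp_configure N'remote admin connections', 1;
RECONFIGURE;

-- 3. Re-check that the running value has changed.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'remote admin connections';

-- 4. Test it before you need it. From your own PC open a DAC session, either
--    with the ADMIN: prefix on the server name in an SSMS query window or with
--        sqlcmd -S <your-server> -E -A
--    and, from any session, list who is currently holding the DAC:
SELECT s.session_id, s.login_name, s.host_name, s.program_name
FROM sys.dm_exec_sessions AS s
JOIN sys.endpoints AS e
  ON e.endpoint_id = s.endpoint_id
WHERE e.name = N'Dedicated Admin Connection';
```

Only one DAC session is allowed at a time and only sysadmin members can open it, so close the test session when you are done; the DAC port also has to be reachable through any firewall between your client and the server.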

Why letting someone else RDP into the SQL Machine is even worse

Oh boy, here we go; supposing you don’t restrict them in any way, on top of the problems above they could (I mean, you could too, but why would you?):

Modify the data files and/or corrupt the database

If the data files are accessible and editable, a malicious user can just go in and modify them. The database will immediately become corrupt or, worse, if they know what they’re doing, they could actually change data in tables they shouldn’t have access to.

That’s because data files aren’t encrypted by default, so if you want encryption you have to ask for it, or don’t allow anybody to come near the files.

Delete everything

Technically this is still data modification as above, but it sounds scarier written this way.

Steal Data

Even scarier than losing everything, for the guys in security, is letting someone have your data.
Whoever has access to the machine and the data files will be able to read anything he pleases, just like that, even if his account on the instance itself is super locked down.

Just Crash the machine

Why not? Just like that, deliberately.
