Derrick Leggett Blog

Ramblings, grumblings, and other nonintelligible nonsense about SQL Server.

<b>Applications that SUCK!!!!!</b>

In this world of third-party insanity, I'm constantly amazed how much companies spend for third-party applications that are written like crap and have ZERO security.  Lately, I've been plagued by a series of third-part applications using the sa username and password.  When you ask them WHY, they get angry and explain that's how the applications were designed.  When I politely explain to them that they are idiots, they don't seem to comprehend WHY.  So, I'll say it again.....YOU'RE AN IDIOT!!!!!


Magic Helpdesk Software (

Websense (

  • Focusing on the security of the web.   HAHAHAHA

RATA HMDA Compliance software (added 20050517)

  • This one kind of cracks me up.  The default installation creates an account and assigns sysadmin server role rights to it.


I’ll add to the list as I think about more.  Let me know your personal favorites.


Legacy Comments

re: <b>Applications that SUCK!!!!!</b>
<i>Focusing on the security of the web. HAHAHAHA</i><p>Hey, there's no conflict there. The web sites are's your DATABASE SERVERS that are open wider than a $5 hooker with a $100 bill.

re: <b>Applications that SUCK!!!!!</b>
We had a third-party database application that used an INI file to store SQL credentials. When they sent to sample INI file it had a key for the username (already filled in with 'sa') but no key for the password. When I asked about it they were very suprised to know that my sa account had a password.

Needless to say I didn't use the sa account, or any account with a blank password once they gave me the info to setup the password.

Also, some time later they sent out a message to all their customers informing them about a worm that exploited SQL servers with blank sa passwords...

scary stuff