When you take shortcuts and accumulate technical debt, most of the time you just don't know when, where and how this will come back and bite you in the ass. Case in point: in our company, every quarter the DBA has to go through user accounts, regenerate passwords, and distribute them to all the database users. This is a major pain in the neck that has been going on for a long time.
As soon as I heard about this, I asked why we manage user passwords manually instead of tying the database (MS SQL Server) to Active Directory. The answer was that this is done so that our main in-house application can authenticate users against database accounts, and for the app to continue to work, it needs access to passwords. "Why can't we change the way authentication is handled?" I asked next. "Well, because there is no central place where authentication is done and every module does it on its own. So to change this now would require a major overhaul."
When the application was first written, there was no Active Directory and MS SQL Server handled its own authentication. But this is not a good excuse for not taking time to think the architecture through. We are paying for a bad decision made almost 10 years ago: we cannot simplify maintenance by taking advantage of a new technology.
Tuesday, April 17, 2007