Let’s say we have
one db server.
three app servers with full database access.
Which scenario is the best?
- Each app server connects to that one database with different passwords.
Example: app srv 1 uses : “$ PSD$ Passwrod3” and app srv 2 uses “sometH$ ing else13pass” and so on.
- Every app server connects to that one database server with the same db password.
Technically, even if the servers have three different passwords, if one is hacked, the hacker will have full access to the database. So, we can use one password to make things easy for developers.
Is there any counter explanation that would justify using three different db passwords to “increase security”?