During the course of our application login there are several queries ran, all around validating the login. In evaluating them I noticed that one of the queries is run without the NOLOCK hint.
There does not seem to be any particular danger of dirty read because the data would hardly ever change.
Thinking about it from an attempted DOS type attack by somebody attempting failed logins over and over again I am suggesting that the lack of NOLOCK lowers our threshold for failure.
I believe it is an extremely unlikely result of a DOS attack (I think the web server would go first) but adding NOLOCK should make it go from unlikely to impossible.
So, am I being excessive or trivial?
Having NOLOCKs or not is the least of your worries with a DoS attempt against your server.
I wouldn’t sweat it.
If, as you say, the data rarely changes, having the NOLOCKs there probably don’t hurt.