Application roles often interesting possibilities in theory. In practice? Brian explores how they work and some of the pros/cons you should consider before selecting them for use in your applications.   Read more...

SQL Server source code analysis and management add database security by debugging and testing SQL applications. Learn about SQL source code analysis.  Read more...

Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data.   Read more...

Gaining insight into my SQL Server standard and Windows logins has historically been a challenge in terms of determining password changes, failed login attempts, etc. I have noticed that you have experienced the same issue with your tip entitled 'When was the last time the SQL Server sa password changed' and I have noticed some information in the forums on the topic as well.   Read more...

Looking at this from a confidentiality, integrity and availability perspective – the essence of security and compliance – there are quite a few new selling points.  Read more...

SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought.   Read more...

You have all read about why object qualification is important. You also must have heard of why stored Proc should not have sp_ as prefix to the name. Now let us proove if this is all true.  Read more...

Although a few different options (Management Studio, system stored procedures, system views, custom scripts, etc.) exist to determine your permissions in SQL Server, in this tip we want to outline the functionality from the fn_my_permissions table valued function.   Read more...

An upgrade to the Best Practices Analyzer from Microsoft is now available. Here's a blog post from the SQL CAT team.  Read more...

Longtime SQL Server guru David Poole brings us a look at one of the thorny problems a DBA faces: tracking down illicit users.  Read more...

Part 2 of this article discusses how to hack/de-cipher the data that has been encrypted by passphrase.  Read more...

Learn how using basic SQL Server security practices of least privilege, delegated administration and separation of duties will protect SQL Server databases.  Read more...

SQL Server 2005 provides four methods of encryption. Part one of this article covers encryption and decryption by passphrase.  Read more...

Greg Larsen discusses the different options available within SQL Server 2005 for managing security.  Read more...

How anonymous are your ratings and other opinions on the Internet? Not as much as you might think.  Read more...

How many DBAs need a solution to track those changes made for multiple systems? Auditing is becoming more and more prevalent in all systems and having a good solution can really make your DBA job interesting. New author Keren Ramot brings us his technique that works indepedent of the database structure.   Read more...

Study encryption and hashing algorithm options for data security in SQL Server 2005 and use symmetric/asymmetric keys to encrypt and decrypt SQL Server data.  Read more...

Its a graphical representation of login creation in SQL Server 2005 for SQL Server Authentication Mode.  Read more...

There are over half a million database servers out on the Internet without protection. How can this happen?  Read more...

Learn how to reorganize permissions in SQL Server 2005 in a multiple database environment.   Read more...

You have all read about why object qualification is important. You also must have heard of why stored Proc should not have sp_ as prefix to the name. Now let us proove if this is all true.  Read more...

Longtime SQL Server guru David Poole brings us a look at one of the thorny problems a DBA faces: tracking down illicit users.  Read more...

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.   Read more...