Gaining insight into my SQL Server standard and Windows logins has historically been a challenge in terms of determining password changes, failed login attempts, etc. I have noticed that you have experienced the same issue with your tip entitled 'When was the last time the SQL Server sa password changed' and I have noticed some information in the forums on the topic as well.   Read more...

Although a few different options (Management Studio, system stored procedures, system views, custom scripts, etc.) exist to determine your permissions in SQL Server, in this tip we want to outline the functionality from the fn_my_permissions table valued function.   Read more...

An upgrade to the Best Practices Analyzer from Microsoft is now available. Here's a blog post from the SQL CAT team.  Read more...

Part 2 of this article discusses how to hack/de-cipher the data that has been encrypted by passphrase.  Read more...

SQL Server 2005 provides four methods of encryption. Part one of this article covers encryption and decryption by passphrase.  Read more...

Greg Larsen discusses the different options available within SQL Server 2005 for managing security.  Read more...

Study encryption and hashing algorithm options for data security in SQL Server 2005 and use symmetric/asymmetric keys to encrypt and decrypt SQL Server data.  Read more...

Its a graphical representation of login creation in SQL Server 2005 for SQL Server Authentication Mode.  Read more...

Learn how to reorganize permissions in SQL Server 2005 in a multiple database environment.   Read more...

SQL Server 2005 introduces the concept of schemas as opposed to object owners found in previous versions. This article will explain the differences between the two and, hopefully, clear up some of the confusion that still exists about schemas.  Read more...

Auditing is something that almost every DBA needs to tackle at some point in his or her career. David McKinney brings a new twist on the solution by using XML and XSL to help implement auditing in your SQL Server application.   Read more...

This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, and more.  Read more...

In this presentation at the Jacksonville SQL Server Users Group, Bayer White playS the part of a developer protecting his application and Brian Knight attempts to hack his application using SQL Injection and cross-site scripting. Then, Bayer will show you how to protect yourself from the hacker and then Brian tries again. Back and forth the chess match goes until someone wins!   Read more...

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.  Read more...

Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment.   Read more...

Gaining insight into my SQL Server standard and Windows logins has historically been a challenge in terms of determining password changes, failed login attempts, etc. I have noticed that you have experienced the same issue with your tip entitled 'When was the last time the SQL Server sa password changed' and I have noticed some information in the forums on the topic as well.   Read more...

Auditing is something that almost every DBA needs to tackle at some point in his or her career. David McKinney brings a new twist on the solution by using XML and XSL to help implement auditing in your SQL Server application.   Read more...

Although a few different options (Management Studio, system stored procedures, system views, custom scripts, etc.) exist to determine your permissions in SQL Server, in this tip we want to outline the functionality from the fn_my_permissions table valued function.   Read more...