Content with tags Security, Strategies

SQL Stored Procedure to Log Updates, Independent of Database Structure

How many DBAs need a solution to track those changes made for multiple systems? Auditing is becoming more and more prevalent in all systems and having a good solution can really make your DBA job interesting. New author Keren Ramot brings us his technique that works independent of the database structure.
By Keren Ramot 2007/02/12 | Source: SQLServerCentral.com | Category: security | 17,641 reads

SQL Server and SOX

The Sarbanes-Oxley act has changed many IT jobs, usually requiring more work and documentation. Johan Bijnens brings us a list of some things his team has had to do to comply with SOX regulations.
By Johan Bijnens 2007/10/02 | Source: SQLServerCentral.com | Category: security | 5,180 reads

Stop SQL Injection Attacks Before They Stop You

This article discusses how SQL injection attacks work, testing for vulnerabilities, validating user input, using .NET features to prevent attacks, and the importance of handling exceptions.
By Additional Articles 2007/09/19 | Source: MSDN Communities | Category: security | 3,808 reads

SQL Server patch pros and cons

A patch to your SQL Server system can cause problems, but an unpatched SQL Server is unprotected. Learn the pros and cons of SQL Server patches.
By Additional Articles 2007/09/04 | Source: SearchSQLServer | Category: security | 2,341 reads

An Auditing Solution with XML And XSL

Auditing is something that almost every DBA needs to tackle at some point in his or her career. David McKinney brings a new twist on the solution by using XML and XSL to help implement auditing in your SQL Server application.
By David McKinney 2007/08/20 | Source: SQLServerCentral.com | Category: security | 4,995 reads

Encryption: Not the End-All Fix for Data Privacy

Many state data-breach laws exempt encrypted data from PR-nightmare public-notice requirements, but don't let that fool you into thinking it's an easy answer to the data privacy challenge. Here's the lowdown on loopholes, caveats and options to consider when applying encryption.
By Additional Articles 2007/07/17 | Source: Intelligent Enterprise | Category: security | 1,951 reads

Stop SQL Injection Attacks Before They Stop You

This article discusses how SQL injection attacks work, testing for vulnerabilities, validating user input, and more.
By Additional Articles 2007/07/09 | Source: MSDN Communities | Category: security | 4,189 reads

SQL 2000 DBA Toolkit Part 1

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.
By Michael Coles 2007/06/22 (first published: 2006/04/13) | Source: SQLServerCentral.com | Category: security | 30,295 reads

Pop Rivett's SQL Server FAQ No.5: Pop on the Audit Trail

Pop provides a cunning, trigger-based technique for auditing the activity on SQL Server tables.
By Additional Articles 2007/01/09 | Source: Red-Gate | Category: security | 2,223 reads

Tales of Corporate Espionage

All good detective stories have a femme fatale. In the case of corporate espionage scandals, Celia Goodson, a seasoned businesswoman and once a glossily groomed blonde, has been involved in investigating more business transgressions to hit the City in the last three decades than anyone else of her years.
By Additional Articles 2006/12/21 | Source: Red-Gate | Category: security | 2,251 reads

Your Field Guide To Designing Security Into Networking Protocols

We'll go over some examples of attacks against protocols and rules to follow, which will help you when designing and implementing protocols of your own.
By Additional Articles 2006/12/19 | Source: MSDN Communities | Category: security | 1,504 reads

New SQL Truncation Attacks And How To Avoid Them

In this article I will discuss some new ideas that can result in either modifying SQL statements or injecting SQL code even if the code has escaped the delimiting characters. I will start with some best practices for constructing delimited identifiers and SQL literals, and then I'll show you new ways attackers can inject SQL code in order to help you protect your applications.
By Additional Articles 2006/12/14 | Source: MSDN Communities | Category: security | 4,043 reads

Forensic Tamper Detection in SQL Server

The suggested method illustrates how such tampering by an authorized user can be detected. While this method doesn't provide tamper-prevention measures, there is no such thing as ultimate security, and detecting such tampering will greatly help maintain the integrity of information.
By Additional Articles 2006/12/12 | Source: Other | Category: security | 2,074 reads

Anticipate the worst when developing SQL Server databases

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.
By Additional Articles 2006/10/12 | Source: Builder.com | Category: security | 3,185 reads

Applying the Principle of Least Privilege to User Accounts on Windows

A defense-in-depth strategy, with overlapping layers of security, is the best way to counter these threats, and the least-privileged user account (LUA) approach is an important part of that defensive strategy. The LUA approach ensures that users follow the principle of least privilege and always log on with limited user accounts. This strategy also aims to limit the use of administrative credentials to administrators, and then only for administrative tasks.
By Additional Articles 2006/02/24 | Source: MSDN Communities | Category: security | 2,287 reads

Conducting a SQL Server Operational Audit

Auditing, analyzing and documenting your SQL Server installation is becoming more important all the time, especially as more and more attention is being paid to the security of your environment. Chad Miller brings us a look at a framework and a sample document you can use in your environment to conduct an audit.
By Chad Miller 2005/10/24 | Source: SQLServerCentral.com | Category: administration | 13,183 reads

Hacker's-eye view of SQL Server

If a hacker sets sights on your SQL Server, there are four primary methods he can use to take control and carry out unauthorized, malicious activity. I will look at each of these: password compromise, account compromise, SQL injection, and buffer overflows.
By Additional Articles 2005/10/07 | Source: Other | Category: security | 4,290 reads

Dynamic SQL or Stored Procedure

We've had a lot of coverage of dynamic SQL (including another great one from Robert Marda later this week) but this one is a little different. Done in a question/answer format, Andy tries to explain to junior developers why dynamic SQL is to be avoided, how to do so, and what to do when you can't.
By Andy Warren 2005/08/26 (first published: 2003/04/23) | Source: SQLServerCentral.com | Category: performance tuning | 47,250 reads