How many DBAs need a solution to track those changes made for multiple systems? Auditing is becoming more and more prevalent in all systems and having a good solution can really make your DBA job interesting. New author Keren Ramot brings us his technique that works indepedent of the database structure.   Read more...

The Sarbanes-Oxley act has changed many IT jobs, usually requiring more work and documentation. Johan Bijnens brings us a list of some things his team has had to do to comply with SOX regulations.   Read more...

This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, Using .NET features to prevent attacks, and Importance of handling exceptions  Read more...

A patch to your SQL Server system can cause problems, but an unpatched SQL Server is unprotected. Learn the pros and cons of SQL Server patches.   Read more...

Auditing is something that almost every DBA needs to tackle at some point in his or her career. David McKinney brings a new twist on the solution by using XML and XSL to help implement auditing in your SQL Server application.   Read more...

Many state data-breach laws exempt encrypted data from PR-nightmare public-notice requirements, but don't let that fool you into thinking it's an easy answer to the data privacy challenge. Here's the lowdown on loopholes, caveats and options to consider when applying encryption.  Read more...

This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, and more.  Read more...

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.   Read more...

How many DBAs need a solution to track those changes made for multiple systems? Auditing is becoming more and more prevalent in all systems and having a good solution can really make your DBA job interesting. New author Keren Ramot brings us his technique that works indepedent of the database structure.   Read more...

Pop provides a cunning, trigger-based technique for auditing the activity on SQL Server tables   Read more...

All good detective stories have a femme fatale. In the case of corporate espionage scandals, Celia Goodson, a seasoned businesswoman and once a glossily groomed blonde, has been involved in investigating more business transgressions to hit the City in the last three decades than anyone else of her years.  Read more...

We'll go over some examples of attacks against protocols and rules following, which will help you when designing and implementing protocols of your own.  Read more...

In this article I will discuss some new ideas that can result in either modifying SQL statements or injecting SQL code even if the code has escaped the delimiting characters. I will start with some best practices for constructing delimited identifiers and SQL literals, and then I'll show you new ways attackers can inject SQL code in order to help you protect your applications.  Read more...

The suggested method illustrates a way how such tampering by an authorized user can be detected. While this method doesn't provide tamper-prevention measures, but as there is no such thing as ultimate security, detection of such tampers will help maintaining the integrity of information in a great way   Read more...

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.  Read more...

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.   Read more...

A defense-in-depth strategy, with overlapping layers of security, is the best way to counter these threats, and the least-privileged user account (LUA) approach is an important part of that defensive strategy. The LUA approach ensures that users follow the principle of least privilege and always log on with limited user accounts. This strategy also aims to limit the use of administrative credentials to administrators, and then only for administrative tasks.  Read more...

Auditing, analyzing and documenting your SQL Server installation is becoming more important all the time, especially as more and more attention is being paid to the security of your environment. Chad Miller brings us a look at a framework and a sample document you can use in your environment to conduct an audit.   Read more...

If a hacker sets sights on your SQL Server, there are four primary methods he can use to take control and carry out unauthorized, malicious activity. I will look at each of these: Password compromise, Account compromise, SQL injection, Buffer overflows   Read more...

We've had a lot of coverage of dynamic sql (including another great one from Robert Marda later this week) but this one is a little different. Done in a question/answer format, Andy tries to explain to junior developers why dynamic sql is to be avoided, how to do so, what to do when you can't.   Read more...