http://www.sqlservercentral.com/Articles tagged Security posted on SQLServerCentral.comen-us360sjones@sqlservercentral.com (Steve Jones)Application roles often interesting possibilities in theory. In practice? Brian explores how they work and some of the pros/cons you should consider before selecting them for use in your applications. http://www.sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/2008/07/25http://www.sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/When you find out how easy it is for insiders to hack SQL Server databases with a few free security tools and a little luck, you'll re-examine your database security practices.http://www.sqlservercentral.com/redirect/articles/63447/2008/06/30http://www.sqlservercentral.com/redirect/articles/63447/This article describes how the Transparent Data Encryption feature in SQL Server 2008 can be used to secure your databaseshttp://www.sqlservercentral.com/redirect/articles/63449/2008/06/23http://www.sqlservercentral.com/redirect/articles/63449/SQL Server 2008 is secure by design, default, and deployment. Microsoft is committed to communicating information about threats, countermeasures, and security enhancements as necessary to keep your data as secure as possible. This paper covers some of the most important security features in SQL Server 2008. It tells you how, as an administrator, you can install SQL Server securely and keep it that way, even as applications and users make use of the data stored within.http://www.sqlservercentral.com/redirect/articles/63339/2008/06/12http://www.sqlservercentral.com/redirect/articles/63339/Get security practices, procedures and documentation to meet Sarbanes-Oxley (SOX) compliance. This tip includes checklists to guide SQL DBAs and developers to inspect systems.http://www.sqlservercentral.com/redirect/articles/63201/2008/06/05http://www.sqlservercentral.com/redirect/articles/63201/ SQL Server source code analysis and management add database security by debugging and testing SQL applications. Learn about SQL source code analysis.http://www.sqlservercentral.com/redirect/articles/62905/2008/05/06http://www.sqlservercentral.com/redirect/articles/62905/Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data. http://www.sqlservercentral.com/articles/Security/freeencryption/1980/2008/04/25http://www.sqlservercentral.com/articles/Security/freeencryption/1980/Gaining insight into my SQL Server standard and Windows logins has historically been a challenge in terms of determining password changes, failed login attempts, etc. I have noticed that you have experienced the same issue with your tip entitled 'When was the last time the SQL Server sa password changed' and I have noticed some information in the forums on the topic as well. http://www.sqlservercentral.com/redirect/articles/62838/2008/04/21http://www.sqlservercentral.com/redirect/articles/62838/Looking at this from a confidentiality, integrity and availability perspective – the essence of security and compliance – there are quite a few new selling points.http://www.sqlservercentral.com/redirect/articles/62548/2008/03/24http://www.sqlservercentral.com/redirect/articles/62548/SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought. http://www.sqlservercentral.com/articles/Security/updatedsqlinjection/2065/2008/03/21http://www.sqlservercentral.com/articles/Security/updatedsqlinjection/2065/You have all read about why object qualification is important. You also must have heard of why stored Proc should not have sp_ as prefix to the name. Now let us proove if this is all true.http://www.sqlservercentral.com/articles/T-SQL/62061/2008/03/10http://www.sqlservercentral.com/articles/T-SQL/62061/Although a few different options (Management Studio, system stored procedures, system views, custom scripts, etc.) exist to determine your permissions in SQL Server, in this tip we want to outline the functionality from the fn_my_permissions table valued function. http://www.sqlservercentral.com/redirect/articles/62439/2008/03/10http://www.sqlservercentral.com/redirect/articles/62439/An upgrade to the Best Practices Analyzer from Microsoft is now available. Here's a blog post from the SQL CAT team.http://www.sqlservercentral.com/redirect/articles/62020/2008/01/21http://www.sqlservercentral.com/redirect/articles/62020/Longtime SQL Server guru David Poole brings us a look at one of the thorny problems a DBA faces: tracking down illicit users.http://www.sqlservercentral.com/articles/Security/61678/2008/01/15http://www.sqlservercentral.com/articles/Security/61678/Part 2 of this article discusses how to hack/de-cipher the data that has been encrypted by passphrase.http://www.sqlservercentral.com/redirect/articles/61831/2008/01/10http://www.sqlservercentral.com/redirect/articles/61831/ Learn how using basic SQL Server security practices of least privilege, delegated administration and separation of duties will protect SQL Server databases.http://www.sqlservercentral.com/redirect/articles/61838/2008/01/09http://www.sqlservercentral.com/redirect/articles/61838/SQL Server 2005 provides four methods of encryption. Part one of this article covers encryption and decryption by passphrase.http://www.sqlservercentral.com/redirect/articles/61830/2008/01/07http://www.sqlservercentral.com/redirect/articles/61830/Greg Larsen discusses the different options available within SQL Server 2005 for managing security.http://www.sqlservercentral.com/redirect/articles/61730/2008/01/01http://www.sqlservercentral.com/redirect/articles/61730/How anonymous are your ratings and other opinions on the Internet? Not as much as you might think.http://www.sqlservercentral.com/articles/Editorial/61779/2007/12/27http://www.sqlservercentral.com/articles/Editorial/61779/How many DBAs need a solution to track those changes made for multiple systems? Auditing is becoming more and more prevalent in all systems and having a good solution can really make your DBA job interesting. New author Keren Ramot brings us his technique that works indepedent of the database structure. http://www.sqlservercentral.com/articles/Security/2773/2007/12/26http://www.sqlservercentral.com/articles/Security/2773/Study encryption and hashing algorithm options for data security in SQL Server 2005 and use symmetric/asymmetric keys to encrypt and decrypt SQL Server data.http://www.sqlservercentral.com/redirect/articles/61732/2007/12/25http://www.sqlservercentral.com/redirect/articles/61732/Its a graphical representation of login creation in SQL Server 2005 for SQL Server Authentication Mode.http://www.sqlservercentral.com/articles/SQL+Server+2005/61474/2007/12/18http://www.sqlservercentral.com/articles/SQL+Server+2005/61474/There are over half a million database servers out on the Internet without protection. How can this happen?http://www.sqlservercentral.com/articles/Editorial/61655/2007/12/04http://www.sqlservercentral.com/articles/Editorial/61655/Learn how to reorganize permissions in SQL Server 2005 in a multiple database environment. http://www.sqlservercentral.com/redirect/articles/61563/2007/11/29http://www.sqlservercentral.com/redirect/articles/61563/The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. Included is a complete C# implementation and examples of encrypting .NET data. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.http://www.sqlservercentral.com/redirect/articles/61269/2007/10/19http://www.sqlservercentral.com/redirect/articles/61269/SQL Server 2005 introduces the concept of schemas as opposed to object owners found in previous versions. This article will explain the differences between the two and, hopefully, clear up some of the confusion that still exists about schemas.http://www.sqlservercentral.com/redirect/articles/61268/2007/10/18http://www.sqlservercentral.com/redirect/articles/61268/The Sarbanes-Oxley act has changed many IT jobs, usually requiring more work and documentation. Johan Bijnens brings us a list of some things his team has had to do to comply with SOX regulations. http://www.sqlservercentral.com/articles/Security/3203/2007/10/02http://www.sqlservercentral.com/articles/Security/3203/This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, Using .NET features to prevent attacks, and Importance of handling exceptionshttp://www.sqlservercentral.com/redirect/articles/3239/2007/09/19http://www.sqlservercentral.com/redirect/articles/3239/A patch to your SQL Server system can cause problems, but an unpatched SQL Server is unprotected. Learn the pros and cons of SQL Server patches. http://www.sqlservercentral.com/redirect/articles/3195/2007/09/04http://www.sqlservercentral.com/redirect/articles/3195/Auditing is something that almost every DBA needs to tackle at some point in his or her career. David McKinney brings a new twist on the solution by using XML and XSL to help implement auditing in your SQL Server application. http://www.sqlservercentral.com/articles/Security/3179/2007/08/20http://www.sqlservercentral.com/articles/Security/3179/