SQLServerCentral.com Content tagged Security

Loginless In Seattle

Mon, 13 May 2013 06:00:00 UT

Identify orphaned Database Users and differentiate them from "Loginless" Database Users.

The Security of You

Fri, 03 May 2013 06:00:00 UT

There is a lot of data out there that is specific to an individual, none more important perhaps than biometric data. Steve Jones writes a bit about the security implications involved in working with this data. (This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.)

Getting the lowdown on 18456 errors

Tue, 30 Apr 2013 06:00:00 UT

If you can establish a connection to a SQL Server, but are having problems logging in to it, you will...

Script to find username and corresponding loginname for all user DB

Mon, 29 Apr 2013 06:00:00 UT

Script to find username and corresponding loginname for all user database in SQL Server

Change DB Owner to sa for multiple DB's

Fri, 26 Apr 2013 06:00:00 UT

Changes DB owner to sa for Online DB's where owner is not sa

The Patch Wild, Wild West

Wed, 17 Apr 2013 06:00:00 UT

Microsoft might be changing their patching process for applications. This has Steve Jones worried they may move towards an Apple/iOS like model, which would not be good for server systems.

Security: People Are the Weakest Link

Fri, 05 Apr 2013 06:00:00 UT

There was an interesting conversation on Twitter today about security awareness and why the training so often fails. From my perspective, here's...

How do I move a SQL login from one server to another without the password?

Wed, 03 Apr 2013 06:00:00 UT

This is an uncommon task but one that does turn up every once in awhile. A SQL login has to...

The Command Shell

Fri, 29 Mar 2013 06:00:00 UT

This Friday Steve Jones talks about xp_cmdshell and the security regarding its use. Do you have any holes that might exist if administrators are allowed to use this tool on their instances?

A Good Security Response

Tue, 26 Mar 2013 06:00:00 UT

Evernote recently had a security incident and forced all users to reset their passwords. Many people thought this was a good response to a security incident. Would your company act in a similar manner?

12 essential tools for database professionals
The SQL Developer Bundle contains 12 tools designed with the SQL Server developer and DBA in mind. Try it now.

Algorithm Secrecy is not Security

Mon, 18 Mar 2013 06:00:00 UT

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.

Script to clean up “Windows” logins no longer in AD

Tue, 12 Mar 2013 06:00:00 UT

I was scanning http://dba.stackexchange.com and ran across the following question: http://dba.stackexchange.com/questions/31478/sql-server-script-to-delete-accounts-no-longer-in-active-directory Basically the OP wanted to know how to get rid of...

Securing SQL Server: Vulnerabilities You Might Not Have Considered

Thu, 07 Mar 2013 07:00:00 UT

A short look at the vulnerabilities your data may be susceptible to outside of the database tables.

Data We Don't Want

Tue, 05 Mar 2013 07:00:00 UT

There's potentially an exploit that can download lots of data to a machine. This shouldn't be a concern for servers, but you never know.

How to recover a SQL Server login password.

Mon, 04 Mar 2013 07:00:00 UT

I will describe a simple method anyone can use to obtain lost password information for a SQL Server login.

Security Change Snapshot

Thu, 28 Feb 2013 07:00:00 UT

This script gives a server level snapshot of recent security changes

Alter User

Mon, 18 Feb 2013 07:00:00 UT

Stored Procedures and SQL Injection

Mon, 18 Feb 2013 07:00:00 UT

Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.

12 essential tools for database professionals
The SQL Developer Bundle contains 12 tools designed with the SQL Server developer and DBA in mind. Try it now.

Granting Permission to Grant Permissions

Fri, 08 Feb 2013 07:00:00 UT

I’ve never felt the need to allow this, but I saw someone ask the questions recently. Suppose you had a...

Serious Security

Thu, 17 Jan 2013 07:00:00 UT

The password issue has Steve Jones concerned. So many of us that use computing devices don't do a good job of securing our information.

Statistical Protection

Tue, 08 Jan 2013 07:00:00 UT

Statistical databases contain lots of information that can be used in a variety of ways, but it can also be abused. Steve Jones talks about some of the problems and potential solutions.

The $50,000 Laptop

Mon, 07 Jan 2013 07:00:00 UT

The average value of a lost laptop has been found to be much more than you might expect. Steve Jones talks about a recent study.

List all Usernames, Roles for all the databases.

Mon, 31 Dec 2012 07:00:00 UT

Generates a list of ALL Users and their database Roles for all Databases (Or for a specific user).

The Principle of Least Privilege

Fri, 21 Dec 2012 07:00:00 UT

One of the tenets of good security is that no person or process is granted more rights than it needs...

You Need to Manage Passwords

Tue, 18 Dec 2012 07:00:00 UT

I saw a note this week from CNet about a system built to crack passwords (also on ArsTechnica). It reminded...

Logins vs Users

Wed, 12 Dec 2012 07:00:00 UT

Logins are not Users. It’s a pretty easy concept but one that seems to give a lot of people problems....

Regulators, Mount Up

Wed, 28 Nov 2012 07:00:00 UT

If you are bound by HIPAA regulations, you may have more auditing in your future. If you're not, perhaps you should still pay attention to the criteria being used for auditing.

Password Insecurities

Mon, 26 Nov 2012 07:00:00 UT

Tony Davis argues that the Standards and best practices exist to avoid being hacked, but implementing them requires time and investment and often there simply doesn't seem to be the will to do it.

Unprotected Queries

Tue, 06 Nov 2012 07:00:00 UT

There are over half a million database servers out on the Internet without protection. How can this happen?

SQL Server Reporting Services 2012 Permissions

Wed, 31 Oct 2012 06:00:00 UT

As you begin developing reports for deployment to a Report Server, what security considerations need to be taken into account in order to grant users access to run a report.