SQLServerCentral.com Content tagged Security, T-SQL

Master Keys

Fri, 25 May 2012 06:00:00 UT

HASHBYTES

Thu, 09 Feb 2012 07:00:00 UT

Hashing

Tue, 24 Jan 2012 07:00:00 UT

who can do what?

Mon, 31 Oct 2011 06:00:00 UT

list each user has the right to do

Securing Reporting Services Reports

Tue, 18 May 2010 06:00:00 UT

Learn how you can get the userid of someone connected to Reporting Services and use that information to determine if they can view the report.

Find weak login passwords in your server

Tue, 05 Jan 2010 07:00:00 UT

Use this script to search for SQL Server logins who use weak password

Extending the REVERT statement using the WITH COOKIE clause in SQL Server 2005

Thu, 15 Jan 2009 07:00:00 UT

In a previous tip on Switching Execution Context using the REVERT clause, you have seen how to switch execution context to a more privileged user and revert back to the original context of the caller within a programmable object. The REVERT clause accepts a parameter WITH COOKIE to provide an even more granular option. How do we use it?

Permission scripting over all databases

Wed, 10 Sep 2008 07:28:09 UT

Scripts permissions/roles for db user across all databases.

public access to extended SP's

Fri, 08 Aug 2008 06:00:00 UT

check public access to extended stored procedures

Find Guest user access level in all databases

Wed, 06 Aug 2008 06:00:00 UT

Search for GUEST Access Level in all

A Hex on Your Database

Fri, 06 Jun 2008 06:00:00 UT

Why Object Qualification is important.

Mon, 10 Mar 2008 06:00:00 UT

You have all read about why object qualification is important. You also must have heard of why stored Proc should not have sp_ as prefix to the name. Now let us proove if this is all true.

GrantExecAllUserAllSpandfunctions.sql

Fri, 04 Jan 2008 07:00:00 UT

Grant permits execution to all user on all sp and functions

Encrypting Data With the Encrypt Function

Mon, 29 May 2006 06:00:00 UT

One of the major problems in the database field is when people store sensitive data unencrypted into SQL Server. This article shows you one of the most basic ways to encrypt data to the casual viewer.

Logins, Users, and Roles - Getting Started

Fri, 30 Sep 2005 06:00:00 UT

Do you know the difference between a login and a user? What's the best way to add them; Enterprise Manager, T-SQL, or SQL-DMO? In this beginner level article Andy demonstrates how to use all three methods to add logins and users and offers his view of which is the best technique.

Dynamic SQL or Stored Procedure

Fri, 26 Aug 2005 06:00:00 UT

We've had a lot of coverage of dynamic sql (including another great one from Robert Marda later this week) but this one is a little different. Done in a question/answer format, Andy tries to explain to junior developers why dynamic sql is to be avoided, how to do so, what to do when you can't.

Stop SQL Injection Attacks Before They Stop You

Fri, 20 Aug 2004 06:00:00 UT

A new article from MSDN magazine on stopping SQL Injection attacks by examining how the SQL can be exploited. It's a good basic article for developers as well as DBAs who might have to review code.

Save Your Password

Mon, 12 Jul 2004 06:00:00 UT

Storing passwords in SQL Server for authentication by your application is a common practice. But not always a good one. Someone with access could easily see all passwords and perhaps cause mischief inside your application. Imagine the office gossip getting access to your HR application as the HR director! Not a good thing. Dinesh Asanka has written a short piece on how you can use a built in function in SQL Server to encrypt these passwords and use them with a minimum of effort.

How to Make Sure You Have Good Passwords

Tue, 02 Mar 2004 07:00:00 UT

As Robin points out there is no built in way to make sure users have strong passwords when using SQL authentication. There are a couple changes you can make (with appropriate warnings!) that will allow you to do this. Read on to find out why and how.

SQL Injection!

Mon, 02 Feb 2004 07:00:00 UT

Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.

Dynamic SQL or Stored Procedure

Fri, 26 Aug 2005 06:00:00 UT

Review of SQL 2000 Fast Answers

Fri, 18 Apr 2003 06:00:00 UT

A monster book at 980 pages, it's written in 'how-to' format and has a ton of good material. Andy gave it the once over for us and reports back - see what he thinks!

Logins, Users, and Roles - Getting Started

Fri, 30 Sep 2005 06:00:00 UT

The Case for SQL Logins - Part Two

Mon, 19 Aug 2002 06:00:00 UT

In this follow up to one of our most popular articles, Andy responds to comments posted by readers and discusses how to manage SQL logins effectively in your applications.

Review of SQL Server 2000 Programming (MSPress)

Tue, 04 Jun 2002 06:00:00 UT

Andy sits down with an entry level book to see if he should use it at work as a teaching aid. Did he like it? Should you buy it? Read the review now!

Auditing Your SQL Server Environment Part II Auditing Your SQL Server

Thu, 30 May 2002 06:00:00 UT

In this article by Randy Dyess he shares with you the script on how he audits his environment and outputs reports of the permissions that users have.

Auditing Your SQL Server Environment Part I

Tue, 02 Apr 2002 06:00:00 UT

Ever been placed into a new environment and couldn't find an ounce of documentation? This article is the first in a series that will help you make an audit of your new environment and determine if any SQL Server login does not have a password, has a password the same as the login name or a password that is only one character long.

Dynamic SQL vs. Static SQL Part 1 - Security

Wed, 27 Feb 2002 07:00:00 UT

Sooner or later everyone who works with SQL Server hears that it is better to avoid dynamic SQL at all cost. Dynamic SQL will force you to give out more permissions than static SQL. This article by Robert Marda shows you some of the security issues with dynamic SQL.

Using Java to Encrypt Passwords

Thu, 19 Jul 2001 06:00:00 UT

Lots of applications store user names and passwords in the database. This article presents a method for encypting this information using Java.

Encrypting Data With the Encrypt Function

Mon, 29 May 2006 06:00:00 UT