SQLServerCentral.com Articles tagged Security

Loginless In Seattle

Mon, 13 May 2013 06:00:00 UT

Identify orphaned Database Users and differentiate them from "Loginless" Database Users.

The Security of You

Fri, 03 May 2013 06:00:00 UT

There is a lot of data out there that is specific to an individual, none more important perhaps than biometric data. Steve Jones writes a bit about the security implications involved in working with this data. (This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.)

Get alerts within 15 seconds of SQL Server issues
SQL Monitor checks performance data every 15 seconds, so you can fix issues before your users even notice them. Start monitoring with a free trial.

The Patch Wild, Wild West

Wed, 17 Apr 2013 06:00:00 UT

Microsoft might be changing their patching process for applications. This has Steve Jones worried they may move towards an Apple/iOS like model, which would not be good for server systems.

The Command Shell

Fri, 29 Mar 2013 06:00:00 UT

This Friday Steve Jones talks about xp_cmdshell and the security regarding its use. Do you have any holes that might exist if administrators are allowed to use this tool on their instances?

A Good Security Response

Tue, 26 Mar 2013 06:00:00 UT

Evernote recently had a security incident and forced all users to reset their passwords. Many people thought this was a good response to a security incident. Would your company act in a similar manner?

Top 5 hard-earned Lessons of a DBA
New! Part 4, ‘Disturbing Development’ by Grant Fritchey, features the return of Joe Deebeeay and a server-threatening encounter with ORMs - read it here

Algorithm Secrecy is not Security

Mon, 18 Mar 2013 06:00:00 UT

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.

Securing SQL Server: Vulnerabilities You Might Not Have Considered

Thu, 07 Mar 2013 07:00:00 UT

A short look at the vulnerabilities your data may be susceptible to outside of the database tables.

Data We Don't Want

Tue, 05 Mar 2013 07:00:00 UT

There's potentially an exploit that can download lots of data to a machine. This shouldn't be a concern for servers, but you never know.

How to recover a SQL Server login password.

Mon, 04 Mar 2013 07:00:00 UT

I will describe a simple method anyone can use to obtain lost password information for a SQL Server login.

Stored Procedures and SQL Injection

Mon, 18 Feb 2013 07:00:00 UT

Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.

Serious Security

Thu, 17 Jan 2013 07:00:00 UT

The password issue has Steve Jones concerned. So many of us that use computing devices don't do a good job of securing our information.

Statistical Protection

Tue, 08 Jan 2013 07:00:00 UT

Statistical databases contain lots of information that can be used in a variety of ways, but it can also be abused. Steve Jones talks about some of the problems and potential solutions.

Make working with SQL a breeze
SQL Prompt 5 is the effortless way to write, edit, and explore SQL. It's packed with features such as code completion, script summaries, and SQL reformatting, that make working with SQL a breeze. Try it now.

The $50,000 Laptop

Mon, 07 Jan 2013 07:00:00 UT

The average value of a lost laptop has been found to be much more than you might expect. Steve Jones talks about a recent study.

Regulators, Mount Up

Wed, 28 Nov 2012 07:00:00 UT

If you are bound by HIPAA regulations, you may have more auditing in your future. If you're not, perhaps you should still pay attention to the criteria being used for auditing.

Password Insecurities

Mon, 26 Nov 2012 07:00:00 UT

Tony Davis argues that the Standards and best practices exist to avoid being hacked, but implementing them requires time and investment and often there simply doesn't seem to be the will to do it.

Unprotected Queries

Tue, 06 Nov 2012 07:00:00 UT

There are over half a million database servers out on the Internet without protection. How can this happen?

SQL Server Reporting Services 2012 Permissions

Wed, 31 Oct 2012 06:00:00 UT

As you begin developing reports for deployment to a Report Server, what security considerations need to be taken into account in order to grant users access to run a report.

Protecting the SQL Server Backup folder

Tue, 02 Oct 2012 06:00:00 UT

I want to backup my SQL Server databases to a folder, but I want to minimize who has access to the folder. In other words, I want to make sure that members of the Windows Local Administrators group don't get to the backups without intentionally trying to bypass the security. How do I do that?

Database Security Survey

Wed, 26 Sep 2012 06:00:00 UT

A database security survey for a CS student. If you can spare a few minutes, I know he'd appreciate it.

Rewrite the Coding Rules

Mon, 24 Sep 2012 06:00:00 UT

If we rewrite the coding rules, will software be more secure? Steve Jones thinks it might and that we should be constantly looking to change the techniques, patterns, and skills we have.

Data Worms

Thu, 20 Sep 2012 06:00:00 UT

Worms have been around a long time in computer systems. However changes in the global policies of governments and the possible retaliation for cyber warfare should have DBAs concerned.

Make a Backup First

Wed, 22 Aug 2012 06:00:00 UT

The hack on a Gizmodo writer using Amazon and Apple customer service security holes was shocking. Steve Jones notes that while security is important, backups are even more important.

Separate Accounts

Fri, 10 Aug 2012 06:00:00 UT

Security is a complex process, one that is becoming more and more important to DBAs all the time. This week Steve Jones wants to know how security is handled for your service accounts.

How to Audit Login Changes on a SQL Server

Mon, 06 Aug 2012 06:00:00 UT

I've been charged with coming up with a quick solution to audit login changes on my SQL Servers. However, there's no budget so I'm going to have to come up with basic scripts and the like to do the work. Is this tip we cover a solution for you to audit login changes.

Top 5 hard-earned Lessons of a DBA
New! Part 4, ‘Disturbing Development’ by Grant Fritchey, features the return of Joe Deebeeay and a server-threatening encounter with ORMs - read it here

Issues Determining an Individual SQL Server User's Permissions

Thu, 02 Aug 2012 06:00:00 UT

Recently I was supporting a third party application. It queries to determine what tables it has permissions to before it proceeds with the rest of its functionality. We had implemented permissions based on the best practice of creating roles, assigning the permissions to the roles, and then making the users members of the roles. The application was querying INFORMATION_SCHEMA.TABLE_PRIVILEGES and of course didn't find any permissions directly against the user in question. We ended up granting explicit permissions to the user so the application would work, but I'm more interested in the general case. How can I determine permissions for an individual user?

Performance Data

Fri, 27 Jul 2012 06:00:00 UT

Great DBAs collect all kinds of metrics on their instances and let them manage themselves. However many administrators need help monitoring and interpreting the data. Today Steve Jones asks if you think this data needs extra security or is it less of an issue than other PII data.

Security is Improving

Mon, 23 Jul 2012 06:00:00 UT

Today Steve Jones notes that security is improving at many web sites. It's not great, but it's improving. That's a good sign, or is it?

Write Better Code

Mon, 16 Jul 2012 06:00:00 UT

Better security can be achieved by writing better code. Steve Jones agrees, but doesn't think it's as easy as it sounds.

SQL Triggers in a Security Context

Thu, 12 Jul 2012 06:00:00 UT

This article will show you how to use user-defined triggers to supplement your security policies, preventing unauthorised data manipulation and blocking unfriendly logins.

Security and Honesty

Mon, 02 Jul 2012 06:00:00 UT

Today Steve Jones talks security and the need for us to share information about issues, especially those that impact security.