http://www.sqlservercentral.com/Content tagged SQL Server 2005 - Security, SQL Server 2005 posted on SQLServerCentral.comen-us360sjones@sqlservercentral.com (Steve Jones)Security was a major focus of SQL Server 2005 during its development, both in terms of making the product secure as well as enhancing the options. Security expert Brian Kelley brings us a look at how the paradigm of logins has changed and what you need to look for in SQL Server 2005. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/2008/04/11http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/SQL Server 2005 includes a number of new security enhancements to aid the DBA in managing their SQL Server. DDL triggers allow you to trap all kinds of DDL events that occur on your server. S. Srivathsani brings us a look at these new events. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2927/2008/03/17http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2927/SQL Server 2005 has greatly changed the security paradigm for SQL Server DBAs. The sa account still exists, but for many tasks you can now avoid using it. New author Ken Johnson brings us some ides for properly securing this highly privileged account. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2873/2008/02/20http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2873/Learn how to set up delegation on your SQL Server instances, so you can use the impersonate options when setting up the security properties of linked server definitions.http://www.sqlservercentral.com/redirect/articles/3221/2007/09/11http://www.sqlservercentral.com/redirect/articles/3221/One of the more interesting new features with SQL Server 2005 is the native encryption built into the product. Expert SQL crpytographer, Michael Coles, brings us a look at the symmetric keys in SQL Server 2005 and how they can be used to encrypt data and be secured by a certificate. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sql2005symmetricencryption/2291/2007/08/24http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sql2005symmetricencryption/2291/This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, Using .NET features to prevent attacks, Importance of handling exceptionshttp://www.sqlservercentral.com/redirect/articles/3145/2007/08/09http://www.sqlservercentral.com/redirect/articles/3145/SQL Server 2005 has added encryption capabilities to the platform, much to the delight of many DBAs. However setting up encryption can be confusing and difficult for most DBAs. New author Mike Good brings us a perspective from someone who is brand new to this set of features and has spent time working through the functions and documenting them for the rest of us. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/3058/2007/08/02http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/3058/Improving SQL Server password management includes thorough password testing and securing SQL Server installations beyond the main database server.http://www.sqlservercentral.com/redirect/articles/3113/2007/07/31http://www.sqlservercentral.com/redirect/articles/3113/You are asked for the sa password for a SQL Server in order to perform a software upgrade. You, the DBA, don't know the password and it's not documented. Rodney Landrum provides a way out of this dilemma, demonstrating two techniques for temporarily changing the password, and then returning it to its previous unknown value.http://www.sqlservercentral.com/redirect/articles/3107/2007/07/18http://www.sqlservercentral.com/redirect/articles/3107/A nice How-To from one of the most respected SQL Server MVPs.http://www.sqlservercentral.com/redirect/articles/3086/2007/07/13http://www.sqlservercentral.com/redirect/articles/3086/This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, and more.http://www.sqlservercentral.com/redirect/articles/3073/2007/07/09http://www.sqlservercentral.com/redirect/articles/3073/SQL Server 2005 includes a number of new security enhancements to aid the DBA in managing their SQL Server. DDL triggers allow you to trap all kinds of DDL events that occur on your server. S. Srivathsani brings us a look at these new events. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2927/2008/03/17http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2927/One of the more interesting new features with SQL Server 2005 is the native encryption built into the product. Expert SQL crpytographer, Michael Coles, brings us a look at the symmetric keys in SQL Server 2005 and how they can be used to encrypt data and be secured by a certificate. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sql2005symmetricencryption/2291/2007/08/24http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sql2005symmetricencryption/2291/SQL Server 2005 has greatly changed the security paradigm for SQL Server DBAs. The sa account still exists, but for many tasks you can now avoid using it. New author Ken Johnson brings us some ides for properly securing this highly privileged account. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2873/2008/02/20http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2873/In this presentation at the Jacksonville SQL Server Users Group, Bayer White playS the part of a developer protecting his application and Brian Knight attempts to hack his application using SQL Injection and cross-site scripting. Then, Bayer will show you how to protect yourself from the hacker and then Brian tries again. Back and forth the chess match goes until someone wins! http://www.sqlservercentral.com/redirect/articles/2852/2007/02/12http://www.sqlservercentral.com/redirect/articles/2852/Security has become more and more important in today's business environment. From the database point of view, DBAs and system administrators need an improved security model. SQL Server 2005 provides an improved security feature. It is claimed that SQL Server 2005 is secure by default. In SQL Server 2005, the security model is divided into three areas namely authentication, authorization, and encryption.http://www.sqlservercentral.com/redirect/articles/2727/2006/12/29http://www.sqlservercentral.com/redirect/articles/2727/Security was a major focus of SQL Server 2005 during its development, both in terms of making the product secure as well as enhancing the options. Security expert Brian Kelley brings us a look at how the paradigm of logins has changed and what you need to look for in SQL Server 2005. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/2008/04/11http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/There are quite a few changes in SQL Server 2005 and many of those relate to security. Did you know the sa account can be disabled by default? Longtime author Raj Vasant brings a basic look at connecting and authenticating in SQL Server 2005. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2693/2006/11/14http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/2693/Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.http://www.sqlservercentral.com/redirect/articles/2620/2006/10/12http://www.sqlservercentral.com/redirect/articles/2620/Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment. http://www.sqlservercentral.com/articles/Security/2633/2006/10/03http://www.sqlservercentral.com/articles/Security/2633/Ownership chains have unique permissions' issues in SQL Server 2005. Contributor Serdar Yegulalp explains the access levels of ownership chains, and the benefits of "EXECUTE AS."http://www.sqlservercentral.com/redirect/articles/2614/2006/09/29http://www.sqlservercentral.com/redirect/articles/2614/Microsoft IT developed strategies to reduce the duplication of sensitive data and improve the security of personally identifiable information in the Microsoft IT LOB application space. These strategies are based on the new security features and functionalities that Microsoft® SQL Server™ 2005 includes.http://www.sqlservercentral.com/redirect/articles/2578/2006/09/05http://www.sqlservercentral.com/redirect/articles/2578/Security was a major focus of SQL Server 2005 during its development, both in terms of making the product secure as well as enhancing the options. Security expert Brian Kelley brings us a look at how the paradigm of logins has changed and what you need to look for in SQL Server 2005. http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/2008/04/11http://www.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/Learn about SQL Server security techniques including the principle of least privilege, controlling metadata visibility, separation of users and schemas, and more.http://www.sqlservercentral.com/redirect/articles/2370/2006/04/12http://www.sqlservercentral.com/redirect/articles/2370/This paper describes how SQL Server 2005 can be used to support row- and cell-level security (RLS/CLS). The examples provided in this white paper show how RLS and CLS can be used to meet classified database security requirements.http://www.sqlservercentral.com/redirect/articles/2268/2006/02/02http://www.sqlservercentral.com/redirect/articles/2268/Right out of the box, SQL Server 2005 does not install many of its services (such as SQL Server Reporting Services) or does not have features turned on by default (.NET integration), thereby reducing the attack vectors that hackers could use to compromise your data security. http://www.sqlservercentral.com/redirect/articles/2123/2005/10/27http://www.sqlservercentral.com/redirect/articles/2123/In this article I'll explore the most interesting security enhancements in SQL Server 2005 from a developer's viewpoint. I covered admin security features in the Spring 2005 issue of TechNet Magazine. But there are plenty of dev-specific security enhancements I can explore, such as endpoint authentication and support for the security context of managed code that executes on the server.http://www.sqlservercentral.com/redirect/articles/1877/2005/05/27http://www.sqlservercentral.com/redirect/articles/1877/As every developer knows by now, Microsoft has focused renewed attention on security in recent product releases. One of the important concepts in this effort is surface area. Roughly speaking, a piece of software has a smaller surface area if there are fewer ways to attack it: fewer open ports, fewer APIs, fewer protocols, and so on. OSQL Server 2005 takes this concept to the next level by letting you explicitly manage the software's surface area. http://www.sqlservercentral.com/redirect/articles/1841/2005/04/21http://www.sqlservercentral.com/redirect/articles/1841/In this article, we will conclude our coverage of security related changes in SQL Server 2005 Beta 2 (although we will continue discussion of improvements in other functionality areas throughout the reminder of this series). The topics we will focus on here are code and module signing, modifications of SQL Server Agent and SQL Profiler operations, as well as monitoring and auditing changes.http://www.sqlservercentral.com/redirect/articles/1793/2005/03/23http://www.sqlservercentral.com/redirect/articles/1793/After discussing authentication and authorization behavior of SQL Server 2005 Beta 2 in the previous two articles of this series, it is time to look into other security-related changes. In particular, we will focus on the freshly introduced native database encryption capabilities. While some encryption functionality existed in the previous versions (e.g. involving column encryption APIs within User Defined Functions or PWDENCRYPT password one-way hash function), it was relatively limited and rarely used. SQL Server 2005 provides significant improvements in this area.http://www.sqlservercentral.com/redirect/articles/1764/2005/03/09http://www.sqlservercentral.com/redirect/articles/1764/