Security was a major focus of SQL Server 2005 during its development, both in terms of making the product secure as well as enhancing the options. Security expert Brian Kelley brings us a look at how the paradigm of logins has changed and what you need to look for in SQL Server 2005.   Read more...

SQL Server 2005 includes a number of new security enhancements to aid the DBA in managing their SQL Server. DDL triggers allow you to trap all kinds of DDL events that occur on your server. S. Srivathsani brings us a look at these new events.   Read more...

SQL Server 2005 has greatly changed the security paradigm for SQL Server DBAs. The sa account still exists, but for many tasks you can now avoid using it. New author Ken Johnson brings us some ides for properly securing this highly privileged account.   Read more...

Learn how to set up delegation on your SQL Server instances, so you can use the impersonate options when setting up the security properties of linked server definitions.  Read more...

One of the more interesting new features with SQL Server 2005 is the native encryption built into the product. Expert SQL crpytographer, Michael Coles, brings us a look at the symmetric keys in SQL Server 2005 and how they can be used to encrypt data and be secured by a certificate.   Read more...

This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, Using .NET features to prevent attacks, Importance of handling exceptions  Read more...

SQL Server 2005 has added encryption capabilities to the platform, much to the delight of many DBAs. However setting up encryption can be confusing and difficult for most DBAs. New author Mike Good brings us a perspective from someone who is brand new to this set of features and has spent time working through the functions and documenting them for the rest of us.   Read more...

Improving SQL Server password management includes thorough password testing and securing SQL Server installations beyond the main database server.  Read more...

You are asked for the sa password for a SQL Server in order to perform a software upgrade. You, the DBA, don't know the password and it's not documented. Rodney Landrum provides a way out of this dilemma, demonstrating two techniques for temporarily changing the password, and then returning it to its previous unknown value.  Read more...

A nice How-To from one of the most respected SQL Server MVPs.  Read more...

This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, and more.  Read more...

SQL Server 2005 includes a number of new security enhancements to aid the DBA in managing their SQL Server. DDL triggers allow you to trap all kinds of DDL events that occur on your server. S. Srivathsani brings us a look at these new events.   Read more...

One of the more interesting new features with SQL Server 2005 is the native encryption built into the product. Expert SQL crpytographer, Michael Coles, brings us a look at the symmetric keys in SQL Server 2005 and how they can be used to encrypt data and be secured by a certificate.   Read more...

SQL Server 2005 has greatly changed the security paradigm for SQL Server DBAs. The sa account still exists, but for many tasks you can now avoid using it. New author Ken Johnson brings us some ides for properly securing this highly privileged account.   Read more...

In this presentation at the Jacksonville SQL Server Users Group, Bayer White playS the part of a developer protecting his application and Brian Knight attempts to hack his application using SQL Injection and cross-site scripting. Then, Bayer will show you how to protect yourself from the hacker and then Brian tries again. Back and forth the chess match goes until someone wins!   Read more...

Security has become more and more important in today's business environment. From the database point of view, DBAs and system administrators need an improved security model. SQL Server 2005 provides an improved security feature. It is claimed that SQL Server 2005 is secure by default. In SQL Server 2005, the security model is divided into three areas namely authentication, authorization, and encryption.  Read more...

Security was a major focus of SQL Server 2005 during its development, both in terms of making the product secure as well as enhancing the options. Security expert Brian Kelley brings us a look at how the paradigm of logins has changed and what you need to look for in SQL Server 2005.   Read more...

There are quite a few changes in SQL Server 2005 and many of those relate to security. Did you know the sa account can be disabled by default? Longtime author Raj Vasant brings a basic look at connecting and authenticating in SQL Server 2005.   Read more...

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.  Read more...

Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment.   Read more...