Application roles often interesting possibilities in theory. In practice? Brian explores how they work and some of the pros/cons you should consider before selecting them for use in your applications.   Read more...

Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data.   Read more...

SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought.   Read more...

The SQL Server 2000 security model is not the best one of all the RDBMS platforms and requires some work to secure properly. One of the practices that is recommended is removing the builtin/administrators group from accessing the SQL Server. New author Kathi Kellenberger shows us some of the pitfalls she encountered when removing this group from her servers.   Read more...

Part 3 of Steve Jones' series on beginning SQL Server from the perspective of a system administrator or someone not used to working with SQL Server. If you've been designated the new administrator, take a look at this series for some help in coming up to speed on this product. This article looks at logins and basic security.   Read more...

Application roles often interesting possibilities in theory. In practice? Brian explores how they work and some of the pros/cons you should consider before selecting them for use in your applications.   Read more...

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.   Read more...

Our SQL Server Security expert, Brian Kelley, brings us the first part of a new series on auditing. Most of the auditing articles we've had are based on how you audit changes to data. Brian looks at auditing from the server itself, explaining the different levels of auditing built into SQL Server 2000.   Read more...

SQL Server includes a great auditing tool: Profiler. It's not the easiest tool to use, however, and it's one that takes some getting used to. Our resident security export, Brian Kelley looks at a simple example of using this tool to audit logins.   Read more...

In this presentation at the Jacksonville SQL Server Users Group, Bayer White playS the part of a developer protecting his application and Brian Knight attempts to hack his application using SQL Injection and cross-site scripting. Then, Bayer will show you how to protect yourself from the hacker and then Brian tries again. Back and forth the chess match goes until someone wins!   Read more...

Brian is back with a new security article, this time working through the details of the fixed database roles. There are some important concepts here. In particular if you're not totally clear on the difference between dbo and db_owner, read this article.   Read more...

SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought.   Read more...

EFS provides a mechanism for encrypting files completely transparent to higher level applications such as SQL Server. In this article by Brian Kelley, he shows you how to implement this type of security in your environment.   Read more...

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.  Read more...

Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment.   Read more...

One of the major problems in the database field is when people store sensitive data unencrypted into SQL Server. This article shows you one of the most basic ways to encrypt data to the casual viewer.   Read more...

If you're performing a penetration test or higher-level security audit of your SQL Server systems, there's one test you must not miss. It seems obvious, but many people overlook it: SQL Server password testing. Given the inherent weaknesses compared with more secure Windows authentication, you should especially test for password flaws if you're using SQL Server authentication in mixed mode. Password testing will help you determine how easily others can break into your database and help you ensure SQL Server users are being responsible with their accounts.  Read more...

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.   Read more...

Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data.   Read more...

Service Pack 3 for SQL Server 2000 is huge. There are significant changes in it and they apply to all three products: the core SQL Server, MSDE, and Analysis Services. Because there are so many changes, this first article in the series will only focus on the security changes.   Read more...

SQL Server 2005 builds some great encryption tools into the product, but what if you are stuck with SQL Server 2000? SQL Server expert Michael Coles brings us the first part of a series along with a free toolkit to manage encryption and keys.   Read more...

SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought.   Read more...

Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data.   Read more...