This script leverages master.sys.server_principals and xp_logininfo to return accounts, domain groups, and members in a SQL Server admin fixed role.  Read more...

Is the cloud secure? How can you be sure? Steve Jones talks a little about some ways you can try to check on your cloud provider.  Read more...

Encryption is supposed to protect data, and it appears to be working as police and authorities are often stymied by encrypted disks. Steve Jones recommends you encrypt your disks on all your machines.  Read more...

Oracle touted its database software as unbreakable, but many security researchers think the company is not spending enough effort on security. Steve Jones has a few comments.  Read more...

A good security scheme will contain many layers. Today Steve Jones talks about one of those: good habits.  Read more...

This article from Warren Campbell shows a process to recreate permissions in development environments after restoring a database from a production instance.  Read more...

This Friday Steve Jones asked about penetration testing of your security. Have any of you ever tested your systems?  Read more...

SQL Server is used to support many applications and one such feature of most applications is the storage of passwords. Sometimes there is a need to reset a password using a temporary password or generate a random password for a new user. In this tip I cover a simple stored procedure to generate random passwords that can be incorporated into your applications.   Read more...

This editorial was originally published on Jan 17, 2007. It is being republished as Steve is on vacation. This one deals with data security.  Read more...

Why are sites still being hit by SQL Injection on a large scale? Steve Jones talks about a recent large scale attack that affected over a million sites.  Read more...

Enabling TDE is simple to do, but it can be more complex when you look to remove the feature from SQL Server. Steve Perry brings you a procedure you can use to help you.  Read more...

Today we have an editorial that was originally published on Oct 9, 2006. Steve Jones talks about the issues of turnover, passwords, and security.  Read more...

This editorial was originally published on Oct 21, 2006. It is being re-run as Steve is out at SQL in the City today. This one talks about the security of USB devices and the potential problems of employees copying data.  Read more...

How hard is it to anonymize data? According to some research, it might be close to impossible. The problem is that we are gathering so much data that cross referencing data sets becomes a problem. Steve Jones talks today about the implications of this for security.  Read more...

Could your job as a data professional result in the death of someone? It's entirely possible this might affect you at some point. Steve Jones talks about why you ought to do your best when setting up security.  Read more...

It seems that there are new types of hacker attacks, not looking to steal information for profit, but for disclosure as an embarrassment. Steve Jones talks about the potential downsides for DBAs.  Read more...

As more and more companies move to virtualized servers, security should be on their minds. Steve Jones talks about that changes that you should consider.  Read more...

Today Steve talks about security and the fact that your window for lax security is shrinking for new applications.  Read more...

We're pretty confident that we have locked down and encrypted our financial data, but a lot of our customer's PII (Personally Identifiable Information) data is still held in unencrypted form. This data is able to be selected directly by read only business users on many of our downstream reporting, datawarehouse and standby servers. The rise of identity theft makes protecting this data imperative. DBAs are the custodians of this information and must protect it like we protect our own personal information. Recent publicity over the theft of Sony PSN data underscores both the economic and ethical importance of protecting personal data.  Read more...

Arshad Ali examines the different types and different layers of security that SQL Server Service Broker provides during communication and while accessing Service Broker objects.  Read more...