Identify orphaned Database Users and differentiate them from "Loginless" Database Users.  Read more...

There is a lot of data out there that is specific to an individual, none more important perhaps than biometric data. Steve Jones writes a bit about the security implications involved in working with this data. (This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.)  Read more...

Microsoft might be changing their patching process for applications. This has Steve Jones worried they may move towards an Apple/iOS like model, which would not be good for server systems.   Read more...

This Friday Steve Jones talks about xp_cmdshell and the security regarding its use. Do you have any holes that might exist if administrators are allowed to use this tool on their instances?  Read more...

Evernote recently had a security incident and forced all users to reset their passwords. Many people thought this was a good response to a security incident. Would your company act in a similar manner?  Read more...

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.  Read more...

A short look at the vulnerabilities your data may be susceptible to outside of the database tables.   Read more...

There's potentially an exploit that can download lots of data to a machine. This shouldn't be a concern for servers, but you never know.  Read more...

I will describe a simple method anyone can use to obtain lost password information for a SQL Server login.  Read more...

Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.  Read more...

The password issue has Steve Jones concerned. So many of us that use computing devices don't do a good job of securing our information.  Read more...

Statistical databases contain lots of information that can be used in a variety of ways, but it can also be abused. Steve Jones talks about some of the problems and potential solutions.  Read more...

The average value of a lost laptop has been found to be much more than you might expect. Steve Jones talks about a recent study.  Read more...

If you are bound by HIPAA regulations, you may have more auditing in your future. If you're not, perhaps you should still pay attention to the criteria being used for auditing.  Read more...

Tony Davis argues that the Standards and best practices exist to avoid being hacked, but implementing them requires time and investment and often there simply doesn't seem to be the will to do it.  Read more...

There are over half a million database servers out on the Internet without protection. How can this happen?  Read more...

As you begin developing reports for deployment to a Report Server, what security considerations need to be taken into account in order to grant users access to run a report.  Read more...

I want to backup my SQL Server databases to a folder, but I want to minimize who has access to the folder. In other words, I want to make sure that members of the Windows Local Administrators group don't get to the backups without intentionally trying to bypass the security. How do I do that?   Read more...

A database security survey for a CS student. If you can spare a few minutes, I know he'd appreciate it.   Read more...

If we rewrite the coding rules, will software be more secure? Steve Jones thinks it might and that we should be constantly looking to change the techniques, patterns, and skills we have.  Read more...