Worms have been around a long time in computer systems. However changes in the global policies of governments and the possible retaliation for cyber warfare should have DBAs concerned.  Read more...

The hack on a Gizmodo writer using Amazon and Apple customer service security holes was shocking. Steve Jones notes that while security is important, backups are even more important.  Read more...

Security is a complex process, one that is becoming more and more important to DBAs all the time. This week Steve Jones wants to know how security is handled for your service accounts.   Read more...

I've been charged with coming up with a quick solution to audit login changes on my SQL Servers. However, there's no budget so I'm going to have to come up with basic scripts and the like to do the work. Is this tip we cover a solution for you to audit login changes.  Read more...

Recently I was supporting a third party application. It queries to determine what tables it has permissions to before it proceeds with the rest of its functionality. We had implemented permissions based on the best practice of creating roles, assigning the permissions to the roles, and then making the users members of the roles. The application was querying INFORMATION_SCHEMA.TABLE_PRIVILEGES and of course didn't find any permissions directly against the user in question. We ended up granting explicit permissions to the user so the application would work, but I'm more interested in the general case. How can I determine permissions for an individual user?  Read more...

Great DBAs collect all kinds of metrics on their instances and let them manage themselves. However many administrators need help monitoring and interpreting the data. Today Steve Jones asks if you think this data needs extra security or is it less of an issue than other PII data.  Read more...

Today Steve Jones notes that security is improving at many web sites. It's not great, but it's improving. That's a good sign, or is it?   Read more...

Better security can be achieved by writing better code. Steve Jones agrees, but doesn't think it's as easy as it sounds.  Read more...

This article will show you how to use user-defined triggers to supplement your security policies, preventing unauthorised data manipulation and blocking unfriendly logins.  Read more...

Today Steve Jones talks security and the need for us to share information about issues, especially those that impact security.  Read more...

Passwords control most of our access to computer systems and provide some level of authentication, but their security depends heavily on their strength and privacy. Steve Jones says you can set a good example for others and hemp improve security on all systems.  Read more...

With all the recent worms and attacks out there, it's only a matter of time before someone focuses more on databases. With that in mind, Steve Jones thinks it's important we learn and use encryption and better security now.  Read more...

This paper introduces the security model for tabular BI semantic models in SQL Server 2012. You will learn how to create roles, implement dynamic security, configure impersonation settings, manage roles, and choose a method for connecting to models that works in your network security context.  Read more...

Siri is seen as a data security hole at IBM. This is something that Steve Jones thinks we might need to be more concerned about in the future, especially as more and more processing takes places outside of our walls.  Read more...

This article describes how to create user defined server roles and use stored procedures and queries related.  Read more...

A system administrator can set a good example with the passwords they give to users or a bad example. Which one do you set?  Read more...

Security is becoming more of an issue for mobile devices as we store and access more information on them all the time.  Read more...

With SQL Server 2000 no default server, database or application role was available to be able to execute all stored procedures. With SQL Server 2005, SQL Server 2008 and SQL Server 2008 R2 has this changed with all of the new security features? If not, what options do I have to grant execute rights to the needed database roles?  Read more...

Today Steve Jones talks about security and his desire to have certificates be the primary means of securing communications and verifying authenticity.  Read more...

Developers targeting the SQL Azure platform should make sure their applications are secure. This article walks through the considerations developers need to keep in mind when designing SQL Azure applications.  Read more...