Steve Jones notes that SQL Injection is still a problem, and while it might be for some time to come, we should not be adding to the issues. Learn how to write secure code.  Read more...

This article will help you solve connection errors with SSIS due to permission issues.  Read more...

How do you keep track of passwords? A few experts out there share some of their techniques and Steve Jones adds his thoughts.  Read more...

Can we make a hack resistant database? A vendor claims this, but Steve Jones thinks it's not really a good claim to make and that we ought to make it our job to secure databases.  Read more...

The state of data security is getting better in the US, according to the 2013 survey from Symmatec. However we still have issues.  Read more...

Identify orphaned Database Users and differentiate them from "Loginless" Database Users.  Read more...

There is a lot of data out there that is specific to an individual, none more important perhaps than biometric data. Steve Jones writes a bit about the security implications involved in working with this data. (This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.)  Read more...

Microsoft might be changing their patching process for applications. This has Steve Jones worried they may move towards an Apple/iOS like model, which would not be good for server systems.   Read more...

This Friday Steve Jones talks about xp_cmdshell and the security regarding its use. Do you have any holes that might exist if administrators are allowed to use this tool on their instances?  Read more...

Evernote recently had a security incident and forced all users to reset their passwords. Many people thought this was a good response to a security incident. Would your company act in a similar manner?  Read more...

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.  Read more...

A short look at the vulnerabilities your data may be susceptible to outside of the database tables.   Read more...

There's potentially an exploit that can download lots of data to a machine. This shouldn't be a concern for servers, but you never know.  Read more...

I will describe a simple method anyone can use to obtain lost password information for a SQL Server login.  Read more...

Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.  Read more...

The password issue has Steve Jones concerned. So many of us that use computing devices don't do a good job of securing our information.  Read more...

Statistical databases contain lots of information that can be used in a variety of ways, but it can also be abused. Steve Jones talks about some of the problems and potential solutions.  Read more...

The average value of a lost laptop has been found to be much more than you might expect. Steve Jones talks about a recent study.  Read more...

If you are bound by HIPAA regulations, you may have more auditing in your future. If you're not, perhaps you should still pay attention to the criteria being used for auditing.  Read more...

Tony Davis argues that the Standards and best practices exist to avoid being hacked, but implementing them requires time and investment and often there simply doesn't seem to be the will to do it.  Read more...