This week Steve Jones looks at a new idea, rating the security of products publicly to try and shame vendors into more secure coding.  Read more...

With AD Authentication via groups, SQL Server is vulnerable to orphaned Windows users' logins being added to SQL Server at a later date. This article gives an improved user audit script that detects orphaned DB Users and also a delete script.  Read more...

Today Steve Jones notes that back doors could be inserted into chips, which would be a huge problem.  Read more...

In SQL 2016 several new security features gets introduced which will help users to protect their data in many ways. New security feature Row Level Security (RLS) which implements the security inside the database itself, not at application level.  Read more...

Not more hacking, but rather a data error in some cars is disturbing to Steve Jones.  Read more...

Are DevOps and security diametrically opposed? An interesting pieces says no, and Steve Jones comments.  Read more...

One of the things that will be debated quite a bit in the next few years will be the penalties for data loss.  Read more...

Dealing with SQL Server security when the application it uses is full of security holes.  Read more...

Using roles for security is a best practice that Steve Jones espouses.  Read more...

It's possible to perform a man-in-the-middle attack against SQL Server. Steve Jones notes you should be aware these attacks could take place inside of your network.  Read more...

Oracle offers a number of security-related settings, but one could definitely create more harm than good. David Fitzjarrell looks at which parameter that is, and why.  Read more...

Today Steve Jones looks at the security enhancements in SQL Server 2016  Read more...

In a previous article, we discussed how to liberate the DBA from SQL Logins with AD Groups. A good point was raised: How can the DBA know who has what access? Here is a solution.  Read more...

Passwords are always a challenge, but are bad passwords the users' fault? Steve Jones has a few thoughts.  Read more...

Steve Jones talks about the timeframes for updating and fixing security problems in applications.  Read more...

Public records have been open in the past, but today's digital access might mean problems.  Read more...

Enabling Transparent Data Encryption on Databases in Always On Scenario  Read more...

Microsoft is looking for some people to talk to for ~20 minutes via phone/Skype and as a thank you for sharing, will provide a $10 Amazon gift card after the call.  Read more...

It's hard to build strong security over time, but it's worth the effort. Steve Jones notes that even smart people have problems implementing strong security.  Read more...

Ensuring that your SQL Server is secure is the job of every Database Administrator. In this article I will provide a script to help perform easier audits of your system.  Read more...