Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Archives: November 2007

Honeypots in the Database

As a follow up to my post about Cesar Cerrudo's new whitepaper, earlier this month David Litchfield talked about putting honeypots in the database in his blog post, Database tripwires..., to catch someone snooping around. The basic idea for non-Oracle databases is to create some sort of alerting…

Read more

Whitepaper on Malware to Attack Databases

Cesar Cerrudo of Argeniss Information Security has put out a new whitepaper (.pdf format), Data0: Next generation malware for stealing databases, describing how malware could be crafted to steal information out of databases. For the most part, it stays at a high-level, however, Cesar does give a few example…

Read more

Physical Fitness

Real life events continue to interfere with my regular posting. However, I would rather deal with them and neglect posting than the other way around. My mother-in-law had full knee replacement surgery last week and we've been helping her out. I've been tending to the children and cooking while my…

Read more

Veterans' Day

I'll post Part III of Becoming a DBA tomorrow (meaning there will be two posts). Veterans' Day is typically celebrated on the 11th, but when it comes on a weekend, we tend to formally observe it on the following Monday. Today is a day in the United States where we…

Read more

Resources: SQL Server 2005 Security

Work responsibilities took up my time on Thursday and Friday, so I never got around to posting. Here's the resources I planned on covering on Friday: online sources for SQL Server security.

Website: Center for Internet Security - SQL Server Benchmarks

CIS is well known for producing quality benchmarks for…

Read more

Tools: Apex SQL Log, Apex SQL Log API, Sample Corrupted Databases

Apex SQL has announced a new version of Apex SQL Log as well as an API for it.
From the product page, it looks like the API can be used to create auditing capabilities using the transaction log…

Read more

SQL Server: Showing permissions for a given database user

Building upon my post from last Tuesday, if you know all the roles for a given user, you'll probably want all the permissions as well. In prior versions of SQL Server, the way to go was the system stored procedure sp_helprotect. However, sp_helprotect is stuck in legacy SQL…

Read more

The Impact of Architecture/Design Choices

I try my best to get things right the first time. So often, correcting a mistake or bad choice is costly: more costly than it would have been to take the time to do it right the first time. However, as SQL Server MVP Andy Leonard points out, sometimes you…

Read more

Becoming a DBA, Part II

This is a follow-up to part I from last week. You've considered what you want to do, you've looked at your soft skills, and you still want to be a DBA. How then do you get started?

The first thing to do is decide which platform you're going to focus…

Read more

Online Resource: Safari Tech Books Online

I've used Safari (the O'Reilly version) for a number of years now and it is a resource I often recommend to coworkers. Basically, it's an on-line library of technical books (since expanded to include video) from a group of publishers. O'Reilly, Microsoft Press, Cisco Press, Syngress, and many others…

Read more

Why SQL Server 2005 Doesn't Permit Non-ANSI Style OUTER JOINs

As of SQL Server 2005, any database in 90 compatibility mode (settable by sp_dbcmptlevel) cannot support non-ANSI OUTER JOINs. Sometimes these types of joins are called old style joins. An example of such a non-ANSI OUTER JOIN is the following:
SELECT t.*
FROM dbo.titles tdbo.sales s
WHERE t.title_id *

Read more