K. Brian Kelley - Databases, Infrastructure, and Security
Archives: February 2009
First Impressions of the Kindle 2
As I blogged about previously, I had decided to go ahead and pre-order the Kindle 2. It was slated for delivery on Thursday, February 26, but came a day early. I've had it in my hands now for two days and here are some of the things I've noted:
The… Read more
1 comments, 429 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 27 February 2009
A Security Control Inconsistently Applied Is Not a Control
Some things and readings today reminded me of this: a security control inconsistently applied is not a control. The whole point of a security control is to provide a check in order to catch malicious behavior. Some controls are preventative. Others are detective or compensating. An example of a… Read more
1 comments, 588 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 27 February 2009
Excel Malformed File Vulnerability - Remote Code Execution
Today, Microsoft released a security advisory about a new vulnerability in Microsoft Excel. This one affects both PCs and Macs. The Microsoft Security Response Center blog has a post there as well. SecurityFocus has a bit more information, basically indicating Symantec is detecting files containing an exploit to… Read more
1 comments, 497 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 24 February 2009
Determining if a Server Principal Owns Database Objects
This question comes up a lot in the forums: "How do I know if the login owns any objects?" Usually the reason this question is asked is to be able to find those objects and change the ownership so the login/server principal could be dropped. The first key is to map… Read more
1 comments, 2,240 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 24 February 2009
New Video Appearing on Front Page of JumpStart TV
All of the videos I've done are up under my profile. However, the video for The difference between GRANT, DENY and REVOKE in SQL Server should appear on the front page of JumpStart TV shortly.
1 comments, 432 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 23 February 2009
Detecting When a Login Has Implicit Access to a Database
Yesterday I blogged about how to figure out what database principals corresponded to what server principals. The key is to match up the SIDs between sys.server_principals and sys.database_principals. But I also stated there were 3 cases where the logins had implicit access to a database and therefore we wouldn't… Read more
4 comments, 427 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 23 February 2009
Mapping Database Principals to Server Principals
A question on the forum asked how to find all the database mappings for a particular login. If you're on SQL Server 2000 or below, the tables you want to use are syslogins in the master database and sysusers in each database. The key to tying the login to a user… Read more
6 comments, 1,560 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 22 February 2009
Looking Forward to Getting My Kindle 2
When the Kindle 2 was first announced, I debated about whether or not to get it. Then I realized I had the same sort of debate with myself over the Kindle, and that ultimately there were a couple of times I regretted not having gotten one. One of those times… Read more
2 comments, 313 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 21 February 2009
You Must Trust Your DBAs
This is a follow-on post to You Must Trust Someone. My point in that post was to establish that being able to and actually trusting your account and server administrators is a necessity. I didn't go into the business aspect of that, but basically it boils down to… Read more
4 comments, 482 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 20 February 2009
Adobe Acrobat/Reader 0day - Disable JavaScript
There is an active attack in the wild for the newly announced Adobe Acrobat and Adobe Reader vulnerability. While the attack isn't widespread, there is always the possibility of copycat attacks. One of the recommended suggestions is really easy to do, so I'm posting it here, and that's to… Read more
1 comments, 183 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 20 February 2009
You Must Trust Someone
After some recent talks with security folks and auditors, one of the things I have had a hard time getting across is that you must trust those folks responsible for account and server management when it comes to securing your data. Yes, you can put in a lot of deterrents, but… Read more
11 comments, 621 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 20 February 2009
The Limited Usefulness of Encrypting File System (EFS) and Transparent Data Encryption (TDE)
This is something that hit me as I was presenting to the Charlotte SQL Server User Group last night.
Back in the Windows 2000 days I wrote an article on Encrypting File System and explaining how it could be used to protect the database files at rest. In my Fortress… Read more
3 comments, 817 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 18 February 2009
Another Reason to Avoid Cross-Database Ownership Chaining
This past weekend we were moving database files around because we added new LUNs to an existing production cluster. We went at the old tried and true way, we detached the databases, moved the files, and re-attached the databases. That seemed to work well and we thought everything was okay.… Read more
2 comments, 765 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 13 February 2009
Counterpoint: Against Specialization
Brent Ozar wrote his Things you know now and in it he says this under his first point, Pick one thing and get really good at it:
"I’m not saying you should stop learning, but you should focus your learning on a very small surface area, and dive deeply into…
9 comments, 476 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 11 February 2009
New Security Bulletin for SQL Server 2000/2005 (MS09-004)
Affected Versions:
- SQL Server 2000 SP4
- SQL Server 2005 SP2
Unaffected Versions:
- SQL Server 2005 SP3
- SQL Server 2008
Original Vulnerability Report: http://www.securityfocus.com/archive/1/archive/1/499042/100/0/threaded
Microsoft Security Bulletin Link: http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Brief Analysis:
The extended stored procedure, sp_replwritetovarbin, has a buffer overflow vulnerability which can be exploited to perform a remote code exploit… Read more
0 comments, 231 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 11 February 2009
Things you know now...
This was the brainchild of Mike Walsh, who asked, "What do you wish you knew when you were starting?" I was tagged by Michelle Ufford, so here are my answers.
"To Lead Is to Follow" - I've written about this before, but just understanding that at some… Read more
2 comments, 264 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 10 February 2009
SQL Server 2008 Enterprise Edition install - use the "right" version of the Microsoft .NET 3.5 SP1 install
This is something that bit us over the weekend as we attempted to install two new SQL Server 2008 Enterprise Edition instances on a Windows Server 2003 failover cluster. The cluster already had existing SQL Server 2005 instances, but I don't think that matters. In any case, we went to… Read more
1 comments, 490 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 9 February 2009
Professional Goals for 2009
Every time management / professional development book out there tells one to not only develop goals but actually write them down. That's the first real step to accomplishing them. One source I read suggested writing the goals as if you've already accomplished them. Because that puts you in the frame of… Read more
4 comments, 281 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 6 February 2009
Speaking / Teaching Engagements
I should have put this out earlier, before going to the SQL Server Innovators Guild, but I got too busy. Here are my current speaking / teaching engagements for the first half of the year:
February:
3 - SQL Server Innovators Guild – Greenville, SC - Fortress SQL… Read more
2 comments, 111 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 6 February 2009
SQL Server security bulletin due on Tuesday
As part of its advance notification, Microsoft has released the list of security bulletins that should be coming our way Tuesday, February 10, 2009. Among them is a remote code exploit rated Important by Microsoft for SQL Server. The affected software list shows SQL Server 2000 and 2005. It… Read more
1 comments, 186 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 5 February 2009