SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Archives: March 2009

SQL Server Authentication Modes and Surface Area Test

One of the videos I did for JumpStart TV is up on the front page:

SQL Server Authentication Modes

It is an introductory video to help understand the two types of authentication SQL Server can perform: Windows authentication only and Mixed Mode. It's primary purpose was to cover the two… Read more

Microsoft March Security Bulletin Release

This month there were 3 security bulletins released and 1 re-released:

Microsoft Security Bulletin Summary for March 2009

First, let's tackle the bulletin which was re-released. MS08-052, which was issued for a remote code execution vulnerabilities in GDI+ (graphics rendering). The bulletin was re-released to cover situations where Windows… Read more

[Off-Topic] Eleven Year-Old Making a Difference

Those who know me personally know that I grow my hair out to donate for kids. I have donated a couple of times to Locks of Love. This past Saturday I participated in a hair collection drive led by 11 year-old Sarah Brotman:

Midlands girl gets a haircut for…

Read more

CONTROL SERVER vs. sysadmin membership

In a previous blog post on Detecting When a Login Has Implicit Access to a Database, I mentioned that having CONTROL SERVER rights means having implicit rights into the databases. Robert Davis posted a comment asking if there was a difference with respect to explicit permissions between being a… Read more

Adobe Flash Player Update Available

There is an Adobe Flash Player available to address a security issue. The bulletin shows as being released February 24, 2008, however, my system didn't show an alert for it until this week. Details here:

Flash Player update available to address security vulnerabilities  Vulnerability identifier: APSB09-01

The reason I flag… Read more

Three Operating System (Windows) patches due on Tuesday

Microsoft's advance security bulletin has come out and it looks like they are planning on releasing 3 security bulletins on Tuesday, March 10, 2009. However, none are for the Excel malformed file issue that is currently being exploited. Of the patches, one is a critical rated remote code execution vulnerability.… Read more

Owning an Object in SQL Server 2005/2008

One of the things that we have to re-learn when going from SQL Server 2000 to 2005/2008 is that objects no longer have owners. Rather, objects are contained in schema and schema have owners. And if you query sys.objects, you will see that this seems to hold true. While there… Read more