SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Archives: April 2014

Understanding the Three A’s of Security for SQL Server

Do you know what the “Three A’s of Security” are and how they apply to Microsoft SQL Server? Let’s look at them as they are important for managing security properly on a given Microsoft SQL Server.


Authentication is determining who a person/process is.

When a connection is made, it’s… Read more

0 comments, 7,342 reads

Posted in Databases – Infrastructure – Security on 22 April 2014

Encrypt usernames and passwords stored in files

I was looking at a product recently and came across a rather unpleasant surprise: the install instructions specified that I put the database connection in plaintext in web.config. I’ll explore this particular case and why it’s particularly egregious, but from a security perspective, this shouldn’t happen anymore, regardless of application.… Read more

0 comments, 3,065 reads

Posted in Databases – Infrastructure – Security on 2 April 2014