This article discusses: How SQL injection attacks work, Testing for vulnerabilities, Validating user input, and more.  Read more...

In this presentation at the Jacksonville SQL Server Users Group, Bayer White playS the part of a developer protecting his application and Brian Knight attempts to hack his application using SQL Injection and cross-site scripting. Then, Bayer will show you how to protect yourself from the hacker and then Brian tries again. Back and forth the chess match goes until someone wins!   Read more...

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.  Read more...

Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment.   Read more...