A couple of months ago I talked about moving a login from one server to another without the password. The...  Read more...

As I mentioned in the introductory post, during the Introduction to SQL Server Security session for Pragmatic Work’sTraining on the T’s, I...  Read more...

I've gotten in contact with most of the speakers who submitted SQL Server security talks for the PASS Summit. All...  Read more...

Review the error log for possible brute force or dictionary attacks on your SQL Server instance.  Read more...

As I mentioned in the introductory post, in the Introduction to SQL Server Security session for Pragmatic Work’sTraining on the T’s, I...  Read more...

This script is helpful to identify the orphaned users in a database, useful when we restore a database from a different location.  Read more...

So I was studying for the 70-451 and ended up reading the BOL entry for CREATE SCHEMA. I honestly can’t...  Read more...

Identify orphaned Database Users and differentiate them from "Loginless" Database Users.  Read more...

There is a lot of data out there that is specific to an individual, none more important perhaps than biometric data. Steve Jones writes a bit about the security implications involved in working with this data. (This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.)  Read more...

If you can establish a connection to a SQL Server, but are having problems logging in to it, you will...  Read more...

Script to find username and corresponding loginname for all user database in SQL Server  Read more...

Changes DB owner to sa for Online DB's where owner is not sa  Read more...

Microsoft might be changing their patching process for applications. This has Steve Jones worried they may move towards an Apple/iOS like model, which would not be good for server systems.   Read more...

There was an interesting conversation on Twitter today about security awareness and why the training so often fails. From my perspective, here's...  Read more...

This is an uncommon task but one that does turn up every once in awhile. A SQL login has to...  Read more...

This Friday Steve Jones talks about xp_cmdshell and the security regarding its use. Do you have any holes that might exist if administrators are allowed to use this tool on their instances?  Read more...

Evernote recently had a security incident and forced all users to reset their passwords. Many people thought this was a good response to a security incident. Would your company act in a similar manner?  Read more...

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.  Read more...

I was scanning http://dba.stackexchange.com and ran across the following question: http://dba.stackexchange.com/questions/31478/sql-server-script-to-delete-accounts-no-longer-in-active-directory Basically the OP wanted to know how to get rid of...  Read more...

A short look at the vulnerabilities your data may be susceptible to outside of the database tables.   Read more...