One of the major problems in the database field is when people store sensitive data unencrypted into SQL Server. This article shows you one of the most basic ways to encrypt data to the casual viewer.   Read more...

Do you know the difference between a login and a user? What's the best way to add them; Enterprise Manager, T-SQL, or SQL-DMO? In this beginner level article Andy demonstrates how to use all three methods to add logins and users and offers his view of which is the best technique.   Read more...

A new article from MSDN magazine on stopping SQL Injection attacks by examining how the SQL can be exploited. It's a good basic article for developers as well as DBAs who might have to review code.  Read more...

As Robin points out there is no built in way to make sure users have strong passwords when using SQL authentication. There are a couple changes you can make (with appropriate warnings!) that will allow you to do this. Read on to find out why and how.   Read more...

Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.   Read more...

A monster book at 980 pages, it's written in 'how-to' format and has a ton of good material. Andy gave it the once over for us and reports back - see what he thinks!   Read more...

Do you know the difference between a login and a user? What's the best way to add them; Enterprise Manager, T-SQL, or SQL-DMO? In this beginner level article Andy demonstrates how to use all three methods to add logins and users and offers his view of which is the best technique.   Read more...

In this follow up to one of our most popular articles, Andy responds to comments posted by readers and discusses how to manage SQL logins effectively in your applications.   Read more...

Andy sits down with an entry level book to see if he should use it at work as a teaching aid. Did he like it? Should you buy it? Read the review now!   Read more...

In this article by Randy Dyess he shares with you the script on how he audits his environment and outputs reports of the permissions that users have.  Read more...

Ever been placed into a new environment and couldn't find an ounce of documentation? This article is the first in a series that will help you make an audit of your new environment and determine if any SQL Server login does not have a password, has a password the same as the login name or a password that is only one character long.  Read more...

Sooner or later everyone who works with SQL Server hears that it is better to avoid dynamic SQL at all cost. Dynamic SQL will force you to give out more permissions than static SQL. This article by Robert Marda shows you some of the security issues with dynamic SQL.   Read more...

Lots of applications store user names and passwords in the database. This article presents a method for encypting this information using Java.   Read more...

One of the major problems in the database field is when people store sensitive data unencrypted into SQL Server. This article shows you one of the most basic ways to encrypt data to the casual viewer.   Read more...

Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.   Read more...

As Robin points out there is no built in way to make sure users have strong passwords when using SQL authentication. There are a couple changes you can make (with appropriate warnings!) that will allow you to do this. Read on to find out why and how.   Read more...

A new article from MSDN magazine on stopping SQL Injection attacks by examining how the SQL can be exploited. It's a good basic article for developers as well as DBAs who might have to review code.  Read more...