• djackson 22568 (12/6/2011)


    Vendors still push for "sa" accounts for access and there is little I can do when I am told to implement a system with that poor of a design, but there are systems that I have more control over.

    I've had a few vendors ask for SA in the past. Digging in, we found they wanted SA because a) that's what they always use, and b) because they wanted to create logins or run a job from the application.

    We could easily do the "create" logins from SSMS (or EM in that case) and the application would see them. We could also grant rights to run jobs without giving SA. Some vendors want SA, but don't really even know why they have that requirement.

    What do you suggest as the best resource for security in SQL Server 2008 R2?

    Preferably a nice set of articles like the ones SQLServerCentral is doing for SSRS, or how about a good book, maybe even a blog somewhere?

    Even those of us who consider ourselves experts in this vein should benefit by reading more about it. For those of us who struggle with it, good information can be tremendous. I know BO has information, but to me that is more of a reference, and useful once you know what you want to do. A good primer, followed by good detail, is usually easier for most of us to pick up.

    Dave

    We are working on a security stairway series, but it's tough to get one done. For now, I would recommend a couple resources:

    Securing SQL Server: http://www.amazon.com/gp/product/1597496251?ie=UTF8&tag=redgatsof-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1597496251

    Hardening SQL Server: http://www.sqlmag.com/article/sql-server/Hardening%20SQL%20Server-135858
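
The two vendor needs mentioned in the thread (creating logins from the application, and running jobs) can be met without sysadmin. The T-SQL below is an added example, not part of the original posts; it targets SQL Server 2008 R2 syntax, and the login name VendorApp and its password are hypothetical placeholders.

```sql
-- Added example: least-privilege alternative to handing a vendor the "sa" account.
-- VendorApp and the password are constructed placeholders; replace them.
USE master;
GO
CREATE LOGIN VendorApp
    WITH PASSWORD = N'<replace-with-strong-password>',
         CHECK_POLICY = ON;
GO

-- Need (1): the application creates logins.
-- ALTER ANY LOGIN covers CREATE/ALTER/DROP LOGIN. It is still a sensitive
-- permission, but far narrower than sysadmin membership.
GRANT ALTER ANY LOGIN TO VendorApp;
GO

-- Need (2): the application starts SQL Server Agent jobs.
-- The msdb fixed database roles grant job rights without sysadmin:
--   SQLAgentUserRole     - manage and run only jobs the login owns
--   SQLAgentOperatorRole - additionally start/stop all local jobs
USE msdb;
GO
CREATE USER VendorApp FOR LOGIN VendorApp;
EXEC sp_addrolemember N'SQLAgentOperatorRole', N'VendorApp';
GO

-- Check: the vendor login must NOT be a sysadmin (expect 0).
SELECT IS_SRVROLEMEMBER('sysadmin', 'VendorApp') AS vendor_is_sysadmin;

-- Audit: list every current member of sysadmin so stray grants are visible.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;
```

If the vendor only needs to start jobs it owns, SQLAgentUserRole is the tighter choice.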