Security Basics: Applying the Principle of Least Privilege Properly
Whenever I do a security presentation, I make sure to cover the Principle of Least Privilege. And when I do...
2009-05-29
3,152 reads
Brian Kelley
- Interests: Chess, Reading, Soccer (Football), Baseball, Animals, Theology
Why I Say Something about Running as Administrator
On a couple of recent webcasts, I pointed out the folks were running with the local Administrator account. To start...
2009-05-28
2,150 reads
Catalog view: sys.tcp_endpoints
I was playing around with the endpoint catalog views this afternoon just looking at ways to do poor man's configuration...
2009-05-27
2,816 reads
Speaking at Augusta Developer's Guild
Tomorrow night, May 28th, I'll be speaking the Augusta Developer's Guild. This is a make-up from earlier in the year...
2009-05-27
1,378 reads
SQL Injection - Why I Don't Think Parameterization is Enough
One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
2009-05-20
3,948 reads
Sick? Stay home!
Yesterday I did something I wouldn't have thought of doing a year ago: I stayed home. When I woke up,...
2009-05-19
843 reads
SQL Injection - Why I Don't Think Parameterization is Enough
Note:Since there have been several comments on this, I'm using parameterization at the application layer in the security sense of...
2009-05-15
2,703 reads
Rant: Is It an Effective Control or Not?
This is spurred on by a comment a pen tester made. He was referring to a particular technology and said something to the effect of, "What do you expect? It's 30 year-old technology." I was stunned when the comment was relayed to me. My response...
2009-05-13
2,363 reads
Rant: Is It an Effective Control or Not?
This is spurred on by a comment a pen tester made. He was referring to a particular technology and said...
2009-05-05
1,246 reads
Security Basics: Defense-in-Depth
In my security presentations, another basic I talk about is defense-in-depth. The idea here is to produce multiple layers of protection against a particular attack. For instance, imagine malicious code against your home computer. This is a case where...
2009-05-05
1,971 reads
Blogs
Unused Indexes in SQL Server: Find them, vet them, and drop them safely
Unused Indexes in SQL Server: Find them, vet them, and drop them safely Indexes are...
T-SQL Tuesday #191 Round Up
By Steve Jones
I hosted this month, late as it turns out, but we still had a...
Come See Me at the PASS Data Community Summit
By Brian Kelley
I'm speaking on Quantum Computing at the PASS Data Community Summit. It's scheduled for...
Forums
Create an HTML Report on the Status of SQL Server Agent Jobs
Comments posted to this topic are about the item Create an HTML Report on...
Managing unused indexes
While doing some housekeeping activity on several old but large production databases, I come...
Cloud Performance Considerations
How important to SQL Server is the speed of the SSD and network latency?...
Question of the Day
Striped Backup File Limits
In SQL Server 2022, how many backup files can I have in a striped backup?
See possible answers