Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.
2015-06-12 (first published: 2013-02-18)
21,014 reads
2013-02-28 (first published: 2013-02-12)
1,140 reads
I want to backup my SQL Server databases to a folder, but I want to minimize who has access to the folder. In other words, I want to make sure that members of the Windows Local Administrators group don't get to the backups without intentionally trying to bypass the security. How do I do that?
2012-10-02
3,264 reads
Recently I was supporting a third party application. It queries to determine what tables it has permissions to before it proceeds with the rest of its functionality. We had implemented permissions based on the best practice of creating roles, assigning the permissions to the roles, and then making the users members of the roles. The application was querying INFORMATION_SCHEMA.TABLE_PRIVILEGES and of course didn't find any permissions directly against the user in question. We ended up granting explicit permissions to the user so the application would work, but I'm more interested in the general case. How can I determine permissions for an individual user?
2012-08-02
3,152 reads
2012-05-25
2,275 reads
This article describes how to create user defined server roles and use stored procedures and queries related.
2012-05-25
4,565 reads
With SQL Server 2000 no default server, database or application role was available to be able to execute all stored procedures. With SQL Server 2005, SQL Server 2008 and SQL Server 2008 R2 has this changed with all of the new security features? If not, what options do I have to grant execute rights to the needed database roles?
2012-04-19
2,470 reads
2012-03-22
2,402 reads
2012-03-13
2,217 reads
SQL Server 2012 brings new security enhancements, one of which is to create user defined server roles, which simplifies instance wide administration and helps to increase the security of the instance by letting you define different groups with different sets of permissions as per their role and responsibilities.
2012-02-29
3,032 reads
Do you know if your SQL Server is really running at its best? To...
You can find the slides of my session on the €100 DWH in Azure...
By Steve Jones
This value is something that I still hear today: our best work is done...
Hi everyone I am writing an SP where there is logic inside the SP...
Comments posted to this topic are about the item Planning for tomorrow, today -...
We have a BI-application that connects to input tables on a SQL Server 2022...
I try to run this code on SQL Server 2022. All the objects exist in the database.
CREATE OR ALTER VIEW OrderShipping
AS
SELECT cl.CityNameID,
cl.CityName,
o.OrderID,
o.Customer,
o.OrderDate,
o.CustomerID,
o.cityId
FROM dbo.CityList AS cl
INNER JOIN dbo.[Order] AS o ON o.cityId = cl.CityNameID
GO
CREATE OR ALTER FUNCTION GetShipCityForOrder
(
@OrderID INT
)
RETURNS VARCHAR(50)
WITH SCHEMABINDING
AS
BEGIN
DECLARE @city VARCHAR(50);
SELECT @city = os.CityName
FROM dbo.OrderShipping AS os
WHERE os.OrderID = @OrderID;
RETURN @city;
END;
go
What is the result? See possible answers