In this article I will discuss some new ideas that can result in either modifying SQL statements or injecting SQL code even if the code has escaped the delimiting characters. I will start with some best practices for constructing delimited identifiers and SQL literals, and then I'll show you new ways attackers can inject SQL code in order to help you protect your applications.
2006-12-14
4,373 reads
The suggested method illustrates a way how such tampering by an authorized user can be detected. While this method doesn't provide tamper-prevention measures, but as there is no such thing as ultimate security, detection of such tampers will help maintaining the integrity of information in a great way
2006-12-12
2,407 reads
There are quite a few changes in SQL Server 2005 and many of those relate to security. Did you know the sa account can be disabled by default? Longtime author Raj Vasant brings a basic look at connecting and authenticating in SQL Server 2005.
2006-11-14
4,138 reads
Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.
2006-10-12
3,499 reads
2006-10-11
1,017 reads
2006-10-09
1,072 reads
2006-10-06
941 reads
2006-10-05
991 reads
Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment.
2006-10-03
6,338 reads
Ownership chains have unique permissions' issues in SQL Server 2005. Contributor Serdar Yegulalp explains the access levels of ownership chains, and the benefits of "EXECUTE AS."
2006-09-29
1,943 reads
By Steve Jones
A customer was asking about tracking logins and logouts in Redgate Monitor. We don’t...
By Brian Kelley
Every year, the South Carolina State Internal Auditors Association and the South Carolina Midlands...
Data Céilí 2026 Call for Speakers is now live! Data Céilí (pronounced kay-lee), is...
Environment: SQL Server: 2019 Enterprise (15.0.4430.1) OS: Windows Server 2022 Standard (Build 20348) Virtualization:...
I am trying to create a filter on a SQL Server audit to capture...
I've come across what appears to be a strange deadlock anomaly. As seen in...
From T-SQL, without requiring an XEvent session, can I tell which deprecated features are being used on my instance?
See possible answers