When you attach or detach a database, which...

New SQL Truncation Attacks And How To Avoid Them

In this article I will discuss some new ideas that can result in either modifying SQL statements or injecting SQL code even if the code has escaped the delimiting characters. I will start with some best practices for constructing delimited identifiers and SQL literals, and then I'll show you new ways attackers can inject SQL code in order to help you protect your applications.

Forensic Tamper Detection in SQL Server

The suggested method illustrates a way how such tampering by an authorized user can be detected. While this method doesn't provide tamper-prevention measures, but as there is no such thing as ultimate security, detection of such tampers will help maintaining the integrity of information in a great way

Making SA Work

There are quite a few changes in SQL Server 2005 and many of those relate to security. Did you know the sa account can be disabled by default? Longtime author Raj Vasant brings a basic look at connecting and authenticating in SQL Server 2005.

Anticipate the worst when developing SQL Server databases

Arthur Fuller advises DBAs to try to break their software in order to make sure their SQL Server databases can withstand potential attacks. See if your code can hold up to his suggested tests.

Can a particular event in SQL Server 2005,...

How many users can be added to an...

What algorithm is used to encrypt the Database...

Which protocols support Kerberos authentication on SQL Server...

Ownership Chaining

Security in SQL Server is not too complex, following a fairly simple framework for allowing and preventing access to data. However there are a few places where it can get tricky and some concepts that many people do not understand. Rob Farley brings us an explanation of one of those areas: ownership chaining. Read about how ownership chaining can be useful and also how it may open security holes in your environment.