SQL Server 2000 Best Practices Analyzer Beta

Microsoft has released a new tool to analyzer your SQL Servers and see how they conform to their list of common best practices. Give it a try and let us know what you think.

SQL Injection!

Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.

Permissions on System Tables Granted to Logins Due to the Public Role

Many of you know that Brian Kelley is our resident security guy. If you didn't, this might prove it! There is a ton of information in this 63 page document worth reading. Let us know what you think.

RC4 Encryption in a Stored Procedure

Joseph gathered together some various bits of code and came up with a solution that lets you do RC4 encryption via the sp_oa~ procedures.

TSQL Virus or Bomb?

Joseph discusses some common and not so common security threats including the possibility of a TSQL virus and bombs planted from within the organization.

Which of the following queries would properly audit...

You are a database administrator of a SQL...

SQL Server Security: Fixed Database Roles

Brian is back with a new security article, this time working through the details of the fixed database roles. There are some important concepts here. In particular if you're not totally clear on the difference between dbo and db_owner, read this article.

What is the best way to prevent hackers...

How do you make SQL Server 2000 listen...