SQL Injection!

Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.

Permissions on System Tables Granted to Logins Due to the Public Role

Many of you know that Brian Kelley is our resident security guy. If you didn't, this might prove it! There is a ton of information in this 63 page document worth reading. Let us know what you think.

RC4 Encryption in a Stored Procedure

Joseph gathered together some various bits of code and came up with a solution that lets you do RC4 encryption via the sp_oa~ procedures.

TSQL Virus or Bomb?

Joseph discusses some common and not so common security threats including the possibility of a TSQL virus and bombs planted from within the organization.

Which of the following queries would properly audit...

You are a database administrator of a SQL...

SQL Server Security: Fixed Database Roles

Brian is back with a new security article, this time working through the details of the fixed database roles. There are some important concepts here. In particular if you're not totally clear on the difference between dbo and db_owner, read this article.

What is the best way to prevent hackers...

How do you make SQL Server 2000 listen...

Fixed Database Roles

This article covers four of the fixed database roles (db_datareader, db_datawriter, db_denydatareader, and db_denydatawriter). If you're new to SQL security (and maybe even if you're not) this article is worth reading.