Stop SQL Injection Attacks Before They Stop You

A new article from MSDN magazine on stopping SQL Injection attacks by examining how the SQL can be exploited. It's a good basic article for developers as well as DBAs who might have to review code.

SQL Server Auditing - Part 1

Our SQL Server Security expert, Brian Kelley, brings us the first part of a new series on auditing. Most of the auditing articles we've had are based on how you audit changes to data. Brian looks at auditing from the server itself, explaining the different levels of auditing built into SQL Server 2000.

Review: NGSSquirrel

NGS Software is in the security business and have been very successful in finding vulnerabilities in many products, notable SQL Server. They have used their expertise to build products to help you better secure your systems. Dale Corey looks at one of those products, NGSSquirrel, which does vulnerability assessment.

Save Your Password

Storing passwords in SQL Server for authentication by your application is a common practice. But not always a good one. Someone with access could easily see all passwords and perhaps cause mischief inside your application. Imagine the office gossip getting access to your HR application as the HR director! Not a good thing. Dinesh Asanka has written a short piece on how you can use a built in function in SQL Server to encrypt these passwords and use them with a minimum of effort.

What is the minimum permissions you would need...

You would like to grant all access on...

You suspect that a hacker is trying to...

To execute sp_change_users_login procedure with all the three...

Bill's company recently purchased another company and he...

Yukon Passwords

Some good info on password changes in Yukon (SQL 2005). Based on the beta, but worth taking a look at.