Yukon Passwords

Some good info on password changes in Yukon (SQL 2005). Based on the beta, but worth taking a look at.

On your production SQL Server 2000, you have...

How to Make Sure You Have Good Passwords

As Robin points out there is no built in way to make sure users have strong passwords when using SQL authentication. There are a couple changes you can make (with appropriate warnings!) that will allow you to do this. Read on to find out why and how.

Tonya needs to manage what user accounts can...

SQL Injection - Part 1

Randy says that the biggest reason we have so many injection vulnerabilities is that all the asp books use inline sql for their examples! We STILL encounter developers who don't understand injection. Read and pass on to your dev team.

SQL Server 2000 Best Practices Analyzer Beta

Microsoft has released a new tool to analyzer your SQL Servers and see how they conform to their list of common best practices. Give it a try and let us know what you think.

SQL Injection!

Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.

Permissions on System Tables Granted to Logins Due to the Public Role

Many of you know that Brian Kelley is our resident security guy. If you didn't, this might prove it! There is a ton of information in this 63 page document worth reading. Let us know what you think.

RC4 Encryption in a Stored Procedure

Joseph gathered together some various bits of code and came up with a solution that lets you do RC4 encryption via the sp_oa~ procedures.

TSQL Virus or Bomb?

Joseph discusses some common and not so common security threats including the possibility of a TSQL virus and bombs planted from within the organization.