Threat Profiling SQL Server
An interesting research paper by David Litchfield on how an attacker might go about attacking your server. Definitely worth a read.
2002-09-06
532 reads
Security
Security Update for SQL Server SP2
Microsoft has release a cumulative security update for SQL Server with SP2. Read , download and update your SQL Server!
2002-07-25
3,912 reads
SQLServerCentral.com Launches SQL Server Security Analzyer
SQLServerCentral.com launched its first online free software, which can evaluate your SQL Server remotely and look for SQL Server security vulnerabilities. This free service looks for weak or no passwords and does a basic penetration test online.
2002-06-13
55 reads
Auditing Your SQL Server Environment Part II Auditing Your SQL Server
In this article by Randy Dyess he shares with you the script on how he audits his environment and outputs reports of the permissions that users have.
2002-05-30
9,911 reads
SQLsnake Worm Hits SQL Servers and Networks Hard
If you haven't changed the SA password on your SQL Server, you may be soon paying the price. Beginning last week, an old worm has come back in full force, infecting about 100 SQL Servers an hour. Reports of heavy port 1433 scanning began in early may but by the 22nd, the virus really began to take its hold on systems with no SA password.
2002-05-28
4,813 reads
SQL Security Resource Center Opens
SQLServerCentral.com is proud to launch it's first Resource Center for security. It's a one-stop shop for anything related to SQL Server security. All content is user-contributed and contains links to content throughout the web.
2002-05-20
77 reads
SQL Server Security Resources
As I work with a particular topic or problem, I often research on the Internet different opinions, white papers, etc. Here is a list of resources that are located both on SQLServerCentral.com and other sites that I have found useful.
2002-04-08
5,536 reads
Auditing Your SQL Server Environment Part I
Ever been placed into a new environment and couldn't
find an ounce of documentation? This article is the first in a series that will help you make an audit of your new environment
and determine if any SQL Server login does not have a password, has a password the same as the login name or a password that is only one character long.
2002-04-02
10,441 reads
Dynamic SQL vs. Static SQL Part 1 - Security
Sooner or later everyone who works with SQL Server hears that it is better to avoid dynamic SQL at all cost. Dynamic SQL will force you to give out more permissions than static SQL. This article by Robert Marda shows you some of the security issues with dynamic SQL.
2002-02-27
12,961 reads
Worst Practices - Encrypting Data
Continuing with the Worst Practices Series: Steve Jones examines why encryption in the database is a bad idea.
2002-01-08
8,434 reads
Blogs
Learn Better: Pause to Review More
By Brian Kelley
If you want to learn better, pause more in your learning to intentionally review.
Azure SQL Managed Instance Next-Gen: Bring on the IOPS
By John
If you’ve used Azure SQL Managed Instance General Purpose, you know the drill: to...
SQL, MDX, DAX – the languages of data
By DataOnWheels
Ramblings of a retired data architect Let me start by saying that I have...
Forums
Two foreign keys to the same table. Can't cascade deletes.
Not sure if this is really a relational theory question but it seems about...
Connecting Power BI to SSAS and effective user not working
Hi everyone, Below is a consolidated summary of what we validated Architecture & data...
High Availability setup - has anyone seen this method?
Hi all, I recently moved to a new employer who have their HA setup...
Question of the Day
Encoding URLs
I have this data in a SQL Server 2025 table:
CREATE TABLE Response ( ResponseID INT NOT NULL CONSTRAINT ResponsePK PRIMARY KEY , ResponseVal VARBINARY(5000) ) GOIf I want to get a value from this table that I can add to a URL in a browser, which of these code items produces a result I can use? See possible answers