How to (Somewhat) Increase SQL Server Security

Problem Some time ago Argenis Fernandez(@DBArgenis) found and described a vulnerability that allows you to get into SQL Server with 'sa' rights. This method does not require a restart of the SQL Server service or the whole machine, the condition is a local administrator account on the server. Reminder SQL Server until 2008R2: Until SQL 2008R2, […]

The Challenge of Edge Security

We will see databases deployed on the edge, and we will need strong security patches.

No-so-smart Contracts

Hacking a smart contract resulted in a big payday.

SQL Server Data Classification Comes Alive

Overview Microsoft SQL Server 2012 introduced a feature called data classification, which allows you to mark certain columns with labels, indicating that these columns contain sensitive or special-handling data. For instance, you may want to mark a column containing credit card numbers as "confidential", or sales numbers as "management only". The problem is that you […]

Getting Beyond Passwords

Steve doesn't think that we will get beyond passwords.

SQL Server Data Masking: a comparison with Gallium Data

Introduction In SQL Server 2016, Microsoft introduced a new feature called dynamic data masking, which allows you to mask the values of certain columns and keep that data hidden from certain users, without having to modify your applications. Let's take a look at how SQL Server does data masking, and compare it to the way Gallium Data […]

The Row-Level Security Function

Ransomware: A world under threat

Ransomware has threatened many organizations over the past few years. In this article, Robert Sheldon explains the history of ransomware and what needs to be done to protect against it.

SQL Server Row-Level Security: A Comparison with Gallium Data

A quick look at how the native SQL Server Row-Level Security compares with Gallium Data's solution for limiting access to rows of data.

Row-Level Security Predicates