Security

While analyzing SQL Server's network protocol, I came across a weird fact: when a database client logs in using SQL Server authentication (as opposed to Windows authentication), it has to send the user's password to the server, in blatant violation of common security guidelines. At first, I couldn't believe it; SQL Server generally does an […]

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

(8)

You rated this post out of 5. Change rating

2022-03-02

5,620 reads

Discuss

A Real World Security Reminder

by Steve Jones

SQLServerCentral

Security

Editorial

A reminder today that security in the physical world can affect the digital world.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

(3)

You rated this post out of 5. Change rating

2022-02-23

208 reads

Discuss

Teams Security Issues

by Steve Jones

SQLServerCentral

Security

Editorial

There are a few security issues in the Teams application from Microsoft, and Steve notes that some of the push for new features can be a problem in this area.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2022-01-10

297 reads

Discuss

Query control made easy

by maxtardiveau

SQLServerCentral

Security

Article

Overview As we all know, data security is a never-ending battle. Every day, we hear of new data breaches. It's a hard problem, and there is no single solution, other than a defense in depth. Let's look at one of those defenses for databases: query control. Query control is a simple idea: most applications access […]

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

(4)

You rated this post out of 5. Change rating

2022-01-07

4,043 reads

Discuss

How to (Somewhat) Increase SQL Server Security

by Hubert Sloma

SQLServerCentral

Article

Problem Some time ago Argenis Fernandez(@DBArgenis) found and described a vulnerability that allows you to get into SQL Server with 'sa' rights. This method does not require a restart of the SQL Server service or the whole machine, the condition is a local administrator account on the server. Reminder SQL Server until 2008R2: Until SQL 2008R2, […]