By the way, an excellent web-cast that's a step-by-step walk through on how an attacker scopes out and attacks a box using SQL Injection:

http://www.microsoft.com/usa/webcasts/ondemand/1765.asp

This was presented by SQLServerCentral.com's Brian...

You're piggy-backing on legitimate access. In other words, a database call that is authorized is being made. You jump in on this call and add to it.

Think of it in...

The elective you choose should probably be based on what you know the most on or are most comfortable with.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server...

Though sp_start_job defaults to the public role, a user needs to be able to see the job in order to start it. A user can normally see a job if...

I think it would be more of a best practice to do the encryption at the application level and pass to SQL Server the encrypted form of the password.

K....

First, did you mean SMTP (Simple Mail Transport Protocol) or SNMP (Simple Network Management Protocol).

If SMTP:

Yes, there's a way, but it involves having a SQL Server Agent job reading email...

Do the passwords between the two local administrators accounts match? In other words, if on box A the password is MyPassword! on box B the password would be MyPassword! as...

You're still using Windows authentication, so it's not a Mixed Mode vs. Windows only issue. It's about how the operating system goes about validating the Windows credentials. Basically, if the...

Are you doing linked server connections between the two DBs? If so, bbychkov has hit the nail on the head. You're in a double-hop situation.

Delegation under Active Directory solves...

Realized I should be as a proviso that I'm really simplifying things here...

As long as domain B trusts domain A, user can use domain A's user login on domain...

This is odd. Typically I see this when a BDC (NT 4.0) or a DC (Win2K) hasn't received the replicated password change, but it shouldn't persist unless a DC is...

Sounds like for whatever reason it can't enumerate the groups. Unless someone else has an idea, this sounds like a PSS call to Microsoft.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide...

TargetServersRole is kind of secretive. It's there to support Multi-server administration and thus wasn't explicitly intended for someone to use to monitor jobs, but it has the permissions necessary to...

In Books Online there's a page on DBCC CHECKDB() that describes the options in more detail than I will here (so read it before running), but basically this is what...

Yup, that's true. Go with Frank's suggestion if you're going down the xp_cmdshell route. Since both SQL Server and SQL Server Agent are services, psservice is the better option over...