You can also set up a DDL trigger which fires and checks to see if it's that login. If it is, it executes a stored procedure which starts a server...

You can't prevent them from seeing all the databases. However, once they are in the database, with SQL Server 2005 any queries against metadata will only return to that user...

When you say event viewer, are you seeing these in the SQL Server log or in your Windows Security event log?

This is not a feature of SQL Server 2005. You'll have to either use Encrypting File System (operating system level) or a 3rd party product. SQL 2008 has Transparent Data...

Not off-hand. Perl (Windows) has Win32::EventLog for writing to the event log and has Sys::Syslog to write to a syslog server.

With ALTER DATABASE it should be able to put the database in SINGLE_USER mode and then back to MULTI_USER mode.

Successful logins should be audited any how (it's the only way to gain non-repudiation), but a server side trace is best for this. There are 3rd party products that will...

Not using any native tools, no. SQL Server is not set up in 2005 to write to those sources. However, using scripting, sure, once it's in the database. SQL 2008...

david.gerrard (8/12/2008)

---

Note I said "for the web"... I'm the fella here who has the happy job of monitoring the ever increasing volume of SQL Injection attacks that hit our sites...

JJ B (8/12/2008)

---

I DO assign rights directly to the tables via the roles as makes sense for the application. I've yet to read an argument (and I've read and...

Andy Warren (8/12/2008)

---

Ross, I tried multiple ID's and the only way it worked (for me) was to have separate machines, one logged in as powerless me, other as SA me....

On SQL Server 2000 I was vehemently against both db_datareader and db_datawriter. Granting db_datareader is a violation of the Principle of Least Privilege and thus should be avoided. Complete access...

It was, and there maybe should have been some indication of that. However, the solution they chose threw the baby out with the bath water.

Dunno. Stuff like this has irked me with 2005. You could grant permission to a stored procedure previously and that meant you didn't have to give up the keys to...

No, you can't. By rule members of the sysadmin fixed server role bypass security checks.