Michael Valentine Jones (7/25/2008)

---

I don’t think there is much use for Application roles except for client server applications.

Most of our applications are web based and end-users do not have logins...

Yelena Varshal (7/25/2008)

---

One catch here: when the password gets created or modified the real database password could be traced with the Profiler. To run SQL Server Profiler, users must be...

reuben.anderson (7/25/2008)

---

Yes, Web applications that I see these days all seem to use a single generic login which is stored, hopefully encrypted, into web.config.

Shouldn't the SQL 2005 implementation of...

If he's getting prompted but it's then going through, it's likely not a Kerberos delegation issue. It's likely an authentication issue on IIS. These will help:

Kerberos authentication and troubleshooting delegation...

bitbucket (7/16/2008)

---

Agree with all that has been said without exception.

Ran across this new Microsoft tool for use with an IIS server that could be of some use to you.

Microsoft has...

I'm addressing administrative rights from the OS level. You can't take it away at the SQL Server level and do the job. Just won't work.

Troubleshooting SQL server performance issues (Access...

Yes, but because of its importance, you can back it up with the BACKUP MASTER KEY command.

There are T-SQL commands (you'll find the exact syntax in Books Online):

BACKUP SERVICE MASTER KEY

BACKUP MASTER KEY

BACKUP CERTIFICATE

I'd recommend SQLPing as well.

It's important to point out that stored procedures and parameterized queries aren't the full answer. The comment about dynamic SQL is key. If there's any place that queries are being...

Are there any other errors in the event logs which seem relevant? Does the server display heavy processor or disk I/O upon startup?

Service master key, yes.

Database master keys, yes.

Certificates, yes.

Asymmetric and symmetric keys, no.

It's not a documented function and therefore unsupported. Given that I can't find any info about it, you probably couldn't show to an auditor it's algorithm or strength, meaning it...

URLScan was just about mandatory for IIS servers prior to 6.0 if they were exposed to the Internet. There is some usefulness for it in IIS 6.0 and above. However,...

SQL Server 2000 has no built-in encryption as already mentioned. However, there are 3rd party solutions such as xp_crypt. You can also get Michael Coles' toolkit[/url] from here at SQL...