Browse by Tags

• Administration
• Azure
• Best Practices
• Career
• Checklists
• Cloud
• Cloud Computing
• Data
• DBA
• Disaster Recovery
• Encryption
• Learning
• Maintenance
• Maintenance Plans
• Schemas
• Scripts
• SQL Azure
• SQL Server
• SQL Server 2008
• Tips
• Windows Azure

• Should All Data Be Encrypted By Default?

  Recently several IT industry information outlets have reported that there has been a 10-year concentrated, organized effort on breaking through computer security at some of the largest companies in the world. Government sites have also been attacked in Read More... Posted Tuesday, August 09, 2011 7:45 AM by BuckWoody | 0 Comments Filed under: Best Practices, Security, SQL Azure, Data, Cloud, Azure, Windows Azure, Cloud Computing, Encryption

• Online Password Security Tactics

  Recently two more large databases were attacked and compromised, one at the popular Gawker Media sites and the other at McDonald’s. Every time this kind of thing happens (which is FAR too often) it should remind the technical professional to ensure Read More... Posted Tuesday, December 14, 2010 7:11 AM by BuckWoody | 4 Comments Filed under: Tips, Security, Cloud Computing

• Windows Azure Security Links

  Research shows that companies that are considering a “cloud” platform have various concerns, and that security is at the top of that list. I’ve put together a list of the resources I use for explaining our security posture, and the steps Read More... Posted Monday, November 01, 2010 9:59 AM by BuckWoody | 1 Comments Filed under: Security, SQL Azure, Cloud, Azure

• Schemas as Security Boundaries

  There was a question yesterday on Twitter (hashtag #sqlhelp) wondering how to let developers create stored procedures and then grant the rights to those procedures to other people. I believe that question got answered, but it also brought up the subject Read More... Posted Tuesday, August 03, 2010 7:00 AM by BuckWoody | 3 Comments Filed under: SQL Server, Security, Schemas

• Don’t mess with the system databases in SQL Server, or Error: 916

  Note: If you’re reading this more than a few months away from July of 2010, do more research. Never trust an old blog as gospel on anything, including my entries. Always refer to Books Online for the authoritative answer, and if it’s wrong, Read More... Posted Monday, August 02, 2010 7:41 AM by BuckWoody | 10 Comments Filed under: SQL Server, Security

• The TechNet Wiki and Updated Security Checklists

  You're probably familiar with a Wiki - a document set that anyone can edit. Did you know TechNet (Microsoft's source for technical professionals) has one? And did you know there are lots of folks keeping it up to date? Well, Rick Byham, one of my friends Read More... Posted Tuesday, July 27, 2010 7:18 AM by BuckWoody | 2 Comments Filed under: SQL Server, Security, Checklists

• Cross-Pollination

  I was reading this post on J.D. Meier's Blog, which deals with the “cloud” (I really dislike that term) . You might wonder what that has to do with SQL Server, since it isn’t specifically about SQL Azure. I’ll come back to that in a moment. I play a little Read More... Posted Tuesday, July 13, 2010 6:10 AM by BuckWoody | 1 Comments Filed under: SQL Server, Career, Security, Learning

• More than one way to skin an Audit

  I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very Read More... Posted Thursday, May 20, 2010 7:40 AM by BuckWoody | 2 Comments Filed under: DBA, Administration, Best Practices, Security

• Security Goes Underground

  You might not have heard of as many data breaches recently as in the past. As you’re probably aware, I call them out here as often as I can, especially the big ones in government and medical institutions, because I believe those can have lasting implications Read More... Posted Thursday, April 22, 2010 7:06 AM by BuckWoody | 1 Comments Filed under: SQL Server, Security

• Backup those keys, citizen

  Periodically I back up the keys within my servers and databases, and when I do, I blog a reminder here. This should be part of your standard backup rotation – the keys should be backed up often enough to have at hand and again when they change. The first Read More... Posted Tuesday, April 20, 2010 6:14 AM by BuckWoody | 2 Comments Filed under: Tips, DBA, SQL Server, Administration, Best Practices, Security, Disaster Recovery, Maintenance Plans, Maintenance

• Have you backed up your keys lately?

  Did you know that you already have a Server Master Key (SMK) generated for your system? That’s right – while a Database Master Key (DMK) is generated when you encrypt a certificate or Asymmetric Key with code, the Server Master Key is generated automatically Read More... Posted Monday, March 01, 2010 7:06 AM by BuckWoody | 4 Comments Filed under: Tips, DBA, SQL Server, Administration, Best Practices, Security, Disaster Recovery, Maintenance Plans, Maintenance

• Transparent Data Encryption and the Latest Data Breach

  Well, It’s happened again. Hundreds of thousands of private records were stolen from a database . This one, however, was different. No one stole any passwords, no one did any social engineering, nothing was captured in-line. No, this one was accomplished Read More... Posted Monday, February 01, 2010 7:06 AM by BuckWoody | 11 Comments Filed under: SQL Server, SQL Server 2008, Security

• SQL Server Best Practices: Use Roles When You Can

  SQL Server has two major security vectors: “Principals”, which are primarily users and roles (groups), and “Securables”, which are primarily objects on the server or in the database, like tables or views. Many applications use Logins for their users, Read More... Posted Monday, December 07, 2009 7:49 AM by BuckWoody | 0 Comments Filed under: DBA, SQL Server, Scripts, Best Practices, Security