THE SQL Server Blog Spot on the Web


Browse by Tags

All Tags » Security » Best Practices
  • Third Party Applications and Other Acts of Violence Against Your SQL Server

    I just got finished reading a great blog post from my buddy, Thomas LaRock (t | b), in which he describes a useful personal policy he used to track changes made to his SQL Servers when installing third-party products. Note that I'm talking about line-of-business applications here - your inventory management systems and help desk ...
    Posted to Kevin Kline (Weblog) by KKline on August 12, 2014
  • The Importance of Paranoia for the Technical Professional

    I recently read a blog post from a technical professional whose account had been hacked (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/) – not because he used poor passwords or unsafe practices, but because the hackers used some social engineering to get around the safety he had put into ...
    Posted to Buck Woody (Weblog) by BuckWoody on August 8, 2012
  • Should All Data Be Encrypted By Default?

    Recently several IT industry information outlets have reported that there has been a 10-year concentrated, organized effort on breaking through computer security at some of the largest companies in the world. Government sites have also been attacked in multiple countries. Add to this the regular loss of data by banking and other industries, and ...
    Posted to Buck Woody (Weblog) by BuckWoody on August 9, 2011
  • Microsoft Document Watch for Operational Excellence

    Back when my day-to-day duties included database administration work and enterprise architecture, I became rather obsessed with the idea of operational excellence. I read everything I could on the topic. I made a list of favorites, which became somewhat shabby over time, as I dog-eared important pages and scribbled notes in the margins. ...
    Posted to Kevin Kline (Weblog) by KKline on August 8, 2011
  • More than one way to skin an Audit

    I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very granular audits, so lots of workarounds were suggested. As time progressed, more and more ...
    Posted to Buck Woody (Weblog) by BuckWoody on May 20, 2010
  • Backup those keys, citizen

    Periodically I back up the keys within my servers and databases, and when I do, I blog a reminder here. This should be part of your standard backup rotation – the keys should be backed up often enough to have at hand and again when they change. The first key you need to back up is the Service Master Key, which each Instance already has built-in. ...
    Posted to Buck Woody (Weblog) by BuckWoody on April 20, 2010
  • Have you backed up your keys lately?

    Did you know that you already have a Server Master Key (SMK) generated for your system? That’s right – while a Database Master Key (DMK) is generated when you encrypt a certificate or Asymmetric Key with code, the Server Master Key is generated automatically when you start the Instance. So you should back all of those keys up periodically, and ...
    Posted to Buck Woody (Weblog) by BuckWoody on March 1, 2010
  • SQL Server Best Practices: Use Roles When You Can

    SQL Server has two major security vectors: “Principals”, which are primarily users and roles (groups), and “Securables”, which are primarily objects on the server or in the database, like tables or views. Many applications use Logins for their users, and then tie those Instance Logins to Database Users. The Database Users are then given rights and ...
    Posted to Buck Woody (Weblog) by BuckWoody on December 7, 2009
  • Whitepaper on Malware to Attack Databases

    Brian Kelly on his blog mentions a whitepaper by Cesar Cerrudo: Data0: Next generation malware for stealing databases. This whitepaper describes how malware could be crafted to steal information out of databases. The attack will use the following techniques: Discovery, Exploitation, Escalate Privileges (if necessary), Cover ...
    Posted to Denis Gobo (Weblog) by Denis Gobo on November 23, 2007
  • SQL Injection Cheat Sheet

    What is SQL Injection? From wikipedia: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby ...
    Posted to Denis Gobo (Weblog) by Denis Gobo on September 19, 2007