THE SQL Server Blog Spot on the Web

Welcome to - The SQL Server blog spot on the web Sign in | |
in Search

Browse by Tags

All Tags » Security   (RSS)
Showing page 2 of 3 (25 total posts)
  • Server level permissions for developers–why you should read books

    It is quite difficult recently for me to find some time to write a new post, so I don’t seem to be leading the rankings of the most frequent bloggers. I rarely recently have opportunity to lay my hands on the code too, so natural sources of ‘inspiration’ are less often. Hopefully this will change in 2012 and I will have more opportunities to write ...
    Posted to Piotr Rodak (Weblog) by on January 1, 2012
  • Microsoft Document Watch for Operational Excellence

    Back when my day-to-day duties included database administration work and enterprise architecture, I became rather obsessed with the idea of operational excellence. I read everything I could on the topic. I made a list of favorites, which became somewhat shabby over time, as I dog-eared important pages and scribbled notes in the margins. ...
    Posted to Kevin Kline (Weblog) by KKline on August 8, 2011
  • Case Study: Secure Log Shipping via SSL FTP

    Today I’m putting up sort of an oddball solution I build a couple of months ago. We had the need to provide a reporting copy of some production databases for analysts to do ad-hoc reporting. The trick was that we needed to move the databases from a less secure location into a more secure location, with an untrusted domain boundary and a firewall ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on May 19, 2011
  • Watch out for old stuff

    No, I'm not referring to me, I'm referring to options, config values and such which should really have been removed from the product a long time ago. I was reading a recent blog from Jonathan Kehayias and realize how much old stuff are still visible one way or the other in the product. There are of course commands which has more ...
    Posted to Tibor Karaszi (Weblog) by TiborKaraszi on September 15, 2010
  • A strategy for managing security for different environments using the Database Development Tools in Visual Studio 2010

    Intro Of late I have been getting down and dirty with the Database Development tools in Visual Studio 2010. You may know this feature set by one of the plethora of other names it has had over recent years such as: Visual Studio Team System for Database Professionals DBPro Datadude For the rest of this post I’ll stick with the colloquial ...
    Posted to Jamie Thomson (Weblog) by jamiet on July 21, 2010
  • Using sa as owner for jobs and databases

    This blog is not about avoiding logging in using the sa login. Hopefully we all know about this, and work towards avoidning this practice. Instead I want to talk about using sa, but not to login (authenticate), but as owner for jobs and databases. I want keep these thing de-individualized - so we avoid things like person A leaving the company and ...
    Posted to Tibor Karaszi (Weblog) by TiborKaraszi on December 30, 2009
  • Trick Question -- Part Trois

    This is the third part of a series (Part 1, Part 2) thinking out loud about the decision making around data access for applications. Once you've considered how tightly bound your application code can safely be to tables, I would like to put two related thoughts out there. First, it's counterproductive, over the long term, to think of only the ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on November 16, 2009
  • Fifth pillar - Secure

    As I have mentioned in all of the previous posts, basic functionality is the foundation of any system. So it goes without saying that if you have just implemented a payroll system, everyone is getting paid.  To meet the basic bar that EVERYONE agrees upon, to be useful things have to work. Frankly, this is generally the only criteria which ...
    Posted to Louis Davidson (Weblog) by drsql on October 6, 2009
  • SQL Server Agent jobs and user contexts

    In what user context does a job run? I recently found myself in a forum discussion and gave my stock reply, later realizing that I haven't actually tested this for a long time (I used to demo this in class during 6.5 courses - when we actually had time for slight diversions). Lets start with my assumptions: Job owned by sysadmin, TSQL ...
    Posted to Tibor Karaszi (Weblog) by TiborKaraszi on September 19, 2009
  • Parameters, Perms and Procs: Are You Really Protected from Injection?

    In my last post, Top 10 T-SQL Code Smells, I caught some flack got some feedback for including one (#3) about the use of Stored Procedures for Select statements. Several people expressed objections over the risk of SQL Injection, and how Stored Procs would prevent it, but some of the correspondence I've gotten made me worry that, perhaps, some of ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on August 24, 2009
Privacy Statement