THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

Browse by Tags

All Tags » Security   (RSS)
Showing page 2 of 2 (20 total posts)
  • Server level permissions for developers–why you should read books

    It is quite difficult recently for me to find some time to write a new post, so I don’t seem to be leading the rankings of the most frequent bloggers. I rarely recently have opportunity to lay my hands on the code too, so natural sources of ‘inspiration’ are less often. Hopefully this will change in 2012 and I will have more opportunities to write ...
    Posted to Piotr Rodak (Weblog) by rodak.p@gmail.com on January 1, 2012
  • Microsoft Document Watch for Operational Excellence

    Back when my day-to-day duties included database administration work and enterprise architecture, I became rather obsessed with the idea of operational excellence. I read everything I could on the topic. I made a list of favorites, which became somewhat shabby over time, as I dog-eared important pages and scribbled notes in the margins. ...
    Posted to Kevin Kline (Weblog) by KKline on August 8, 2011
  • Case Study: Secure Log Shipping via SSL FTP

    Today I’m putting up sort of an oddball solution I build a couple of months ago. We had the need to provide a reporting copy of some production databases for analysts to do ad-hoc reporting. The trick was that we needed to move the databases from a less secure location into a more secure location, with an untrusted domain boundary and a firewall ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on May 19, 2011
  • A strategy for managing security for different environments using the Database Development Tools in Visual Studio 2010

    Intro Of late I have been getting down and dirty with the Database Development tools in Visual Studio 2010. You may know this feature set by one of the plethora of other names it has had over recent years such as: Visual Studio Team System for Database Professionals DBPro Datadude For the rest of this post I’ll stick with the colloquial ...
    Posted to Jamie Thomson (Weblog) by jamiet on July 21, 2010
  • Trick Question -- Part Trois

    This is the third part of a series (Part 1, Part 2) thinking out loud about the decision making around data access for applications. Once you've considered how tightly bound your application code can safely be to tables, I would like to put two related thoughts out there. First, it's counterproductive, over the long term, to think of only the ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on November 16, 2009
  • Fifth pillar - Secure

    As I have mentioned in all of the previous posts, basic functionality is the foundation of any system. So it goes without saying that if you have just implemented a payroll system, everyone is getting paid.  To meet the basic bar that EVERYONE agrees upon, to be useful things have to work. Frankly, this is generally the only criteria which ...
    Posted to Louis Davidson (Weblog) by drsql on October 6, 2009
  • Parameters, Perms and Procs: Are You Really Protected from Injection?

    In my last post, Top 10 T-SQL Code Smells, I caught some flack got some feedback for including one (#3) about the use of Stored Procedures for Select statements. Several people expressed objections over the risk of SQL Injection, and how Stored Procs would prevent it, but some of the correspondence I've gotten made me worry that, perhaps, some of ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on August 24, 2009
  • DrillThrough Actions and (semi) Security in SSAS OLAP cubes

    Using SSAS 2005/2008, there is no way to apply security to DRILLTHROUGH actions, so we cannot decide whether a specific user is authorized or not to perform a specific action. This is a “by design” behavior, since DRILLTHROUGH actions are initiated at the client side, we can decide whether a user can perform or not DRILLTHROUGH but, once we let ...
    Posted to Alberto Ferrari (Weblog) by AlbertoFerrari on June 24, 2009
  • Granting rights to all objects in a database

    File this under the “I can’t believe there is still stuff that I keep learning about SQL Server 2005!” though thankfully most things I find I learn are things I wouldn’t be all that likely to use. I was asked today how I felt about using the syntax: GRANT EXECUTE TO [username] to give users rights to all procedures in the database (and you ...
    Posted to Louis Davidson (Weblog) by drsql on March 13, 2009
  • You HAVE to Trust, you MUST Verify -and that may still not be enough!

    In Brian Kelly's recent blog post, he makes an excellent case outlining why there are few options but to 'Trust' SQL Server Administrators. And then he goes into excellent detail explaining that it may be impossible to completely 'prohibit' disruptive behavior, and that one should establish a robust auditing of security events. And it is not ...
    Posted to Arnie Rowland (Weblog) by ArnieRowland on February 20, 2009
Privacy Statement