THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

Browse by Tags

All Tags » Security   (RSS)
Showing page 2 of 9 (86 total posts)
  • SQL Azure - Requiring Encrypt=True

    (Many thanks to Peter Gvozdjak and Dan Benediktson here at Microsoft who worked with me on this issue and provided the bulk of information for this post) Recently I had a customer inquire about some performance tuning he wanted to do for SQL Azure, and as part of that he found that it was possible to remove the “Encrypt=True” setting on the ...
    Posted to Buck Woody (Weblog) by BuckWoody on March 6, 2012
  • On the Topic of Lost SA Passwords on SQL Server 2000…

      Since it looks like everything I blog about lately is showing how to get onto SQL instances to which you don’t have formal credentials, I figured what the heck – let’s do a post on SQL 2000. Earlier on today Saurabh Sapra [twitter] sent a tweet to SQL Server MVP Thomas LaRock [blog|twitter]: To which Tom replied: I was flattered. ...
    Posted to Argenis Fernandez (Weblog) by Argenis on January 20, 2012
  • Leveraging Service SIDs to Logon to SQL Server 2012 and SQL Server 2014 Instances with Sysadmin Privileges

    Edit: I have confirmed that this is still valid for the all versions of SQL Server 2012, and SQL Server 2014 - and even on Windows Server 2012 R2.   If you recall one of my previous blog posts, titled Think Your Windows Administrators Don’t Have Access to SQL Server 2008 by Default? Think Again I exploited the fact that NT AUTHORITY\SYSTEM ...
    Posted to Argenis Fernandez (Weblog) by Argenis on January 12, 2012
  • Connect Digest : 2012-01-09

    Hide databases from users who shouldn't be able to see them This is a long-standing request from Erland Sommarskog which I've highlighted in previous digests. But the underlying problem keeps coming up in multiple venues, so I thought it would be good to call attention to the item one more time. Some will argue that the contained database feature ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on January 9, 2012
  • Server level permissions for developers–why you should read books

    It is quite difficult recently for me to find some time to write a new post, so I don’t seem to be leading the rankings of the most frequent bloggers. I rarely recently have opportunity to lay my hands on the code too, so natural sources of ‘inspiration’ are less often. Hopefully this will change in 2012 and I will have more opportunities to write ...
    Posted to Piotr Rodak (Weblog) by rodak.p@gmail.com on January 1, 2012
  • Should All Data Be Encrypted By Default?

    Recently several IT industry information outlets have reported that there has been a 10-year concentrated, organized effort on breaking through computer security at some of the largest companies in the world. Government sites have also been attacked in multiple countries. Add to this the regular loss of data by banking and other industries, and ...
    Posted to Buck Woody (Weblog) by BuckWoody on August 9, 2011
  • Microsoft Document Watch for Operational Excellence

    Back when my day-to-day duties included database administration work and enterprise architecture, I became rather obsessed with the idea of operational excellence. I read everything I could on the topic. I made a list of favorites, which became somewhat shabby over time, as I dog-eared important pages and scribbled notes in the margins. ...
    Posted to Kevin Kline (Weblog) by KKline on August 8, 2011
  • Think Your Windows Administrators Don’t Have Access to SQL Server 2008 by Default? Think Again.

      We had an email thread at work where someone was asking for assistance with an unknown sa password on a SQL instance on a new laptop. “No big deal” – I said to myself – “You can reset the sa password by starting SQL in single-user mode” (If you haven’t heard about this, have a look here). And then I started thinking – but what if this ...
    Posted to Argenis Fernandez (Weblog) by Argenis on July 10, 2011
  • More information on the Patch Tuesday updates for SQL Server

    Last week, Microsoft released a series of patches for all supported versions of SQL Server (from SQL Server 2005 SP3 all the way to SQL Server 2008 R2). The reason for the patch against SQL Server installations is largely a client-side issue with the XML viewer application, and for SQL Server specifically, the exploit is limited to potential ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on June 19, 2011
  • Security updates for all supported versions of SQL Server

    It's patch Tuesday! [UPDATE June 19 : Please see my follow-up post about this security update.]  Today Microsoft released a security bulletin covering several issues that could potentially affect SQL Server; these exploits include remote code execution, denial of service, information disclosure and elevation of privilege. You should test ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on June 14, 2011
< Previous 1 2 3 4 5 Next > ... Last »
Powered by Community Server (Commercial Edition), by Telligent Systems
  Privacy Statement