THE SQL Server Blog Spot on the Web


Browse by Tags

All Tags » Security
Showing page 4 of 5 (42 total posts)
  • Parameters, Perms and Procs: Are You Really Protected from Injection?

    In my last post, Top 10 T-SQL Code Smells, I caught some flack got some feedback for including one (#3) about the use of Stored Procedures for Select statements. Several people expressed objections over the risk of SQL Injection, and how Stored Procs would prevent it, but some of the correspondence I've gotten made me worry that, perhaps, some of ...
    Posted to Merrill Aldrich (Weblog) by merrillaldrich on August 24, 2009
  • For shared SQL Server providers : hiding your list of databases from customers

    In a shared SQL Server hosting environment, there are several problems that can arise when you let your customers use Management Studio to connect and administer their databases.  In the typical case, you give them a single SQL Authentication username and password, and they are supposed to be able to connect only to their database.  By ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on July 19, 2009
  • Connect Digest : 2009-07-18

    I missed last week because I was having fun up in Canada... mostly without any kind of computer access at all.  It was a nice break, but now I'm back in the thick of things again.  So this week, I am going to try to beef it up a bit to compensate for last week's missing entry. =================================== DELETE vs. DROP I ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on July 18, 2009
  • DrillThrough Actions and (semi) Security in SSAS OLAP cubes

    Using SSAS 2005/2008, there is no way to apply security to DRILLTHROUGH actions, so we cannot decide whether a specific user is authorized or not to perform a specific action. This is a “by design” behavior, since DRILLTHROUGH actions are initiated at the client side, we can decide whether a user can perform or not DRILLTHROUGH but, once we let ...
    Posted to Alberto Ferrari (Weblog) by AlbertoFerrari on June 24, 2009
  • Connect Digest : 2009-05-10 : please vote!

    Sorry I'm a day late on this one; yesterday I was fully engulfed by Resource Governor stuff and a filter refreshing problem at work, and then last night I spent the entire evening away from a computer (for the first time in what seems like ages).  Anyway, without further ado, here are the items I noticed this week that I think could use some ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on May 10, 2009
  • Granting rights to all objects in a database

    File this under the “I can’t believe there is still stuff that I keep learning about SQL Server 2005!” though thankfully most things I find I learn are things I wouldn’t be all that likely to use. I was asked today how I felt about using the syntax: GRANT EXECUTE TO [username] to give users rights to all procedures in the database (and you ...
    Posted to Louis Davidson (Weblog) by drsql on March 13, 2009
  • You HAVE to Trust, you MUST Verify -and that may still not be enough!

    In Brian Kelly's recent blog post, he makes an excellent case outlining why there are few options but to 'Trust' SQL Server Administrators. And then he goes into excellent detail explaining that it may be impossible to completely 'prohibit' disruptive behavior, and that one should establish a robust auditing of security events. And it is not ...
    Posted to Arnie Rowland (Weblog) by ArnieRowland on February 20, 2009
  • More updates for SQL Server 2005 Service Pack 3

    As promised, upon return from a trip to the frozen tundra of Northern Ontario, I am posting the latest updates from last week's release of SQL Server 2005 Service Pack 3.  For those who have been waiting to test the service pack until the post-SP3 cumulative update is available, you can get it in KB #959195 and read more about it over at the ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on December 23, 2008
  • Troubleshooting login problems

    I've been learning a few things about troubleshooting login problems over the last few months. I first want to say that I've learned most of this through other blogs, comments etc. At the end of this blog post you will find a URL list where you can look for more details. It started a few months back where I somewhere read a blog stating that we ...
    Posted to Tibor Karaszi (Weblog) by TiborKaraszi on December 17, 2008
  • Very important SQL Server update

    There is a patch available for four elevation of privilege vulnerabilities recently discovered in SQL Server. From http://www.microsoft.com/technet/security/bulletin/ms08-Jul.mspx: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on July 8, 2008