SqlServerKudos - Latest published stories in Security
1 kudos

Fifth pillar - Secure

published 291 days, 4 hours, 57 minutes ago (Tuesday, October 13, 2009 3:01:48 PM GMT); posted by sasa 296 days, 23 hours, 16 minutes ago (Wednesday, October 07, 2009 8:42:28 PM GMT)
As I have mentioned in all of the previous posts, basic functionality is the foundation of any system. So it goes without saying that if you have just implemented a payroll system, everyone is getting paid. To meet the basic bar that EVERYONE agrees upon, to be useful things have to work. Frankly, this is generally the only criterion which needs to be met for most systems to be considered complete, and since I don’t want to get off on a rant, that is all that I will say (for now at least, it will be in the ... (more)
category: Security | clicked: 0 | source: sqlblog.com
tags: Database Design, Pillars, Security
1 kudos

Are you performing Backup’s of all your SQL Databases? If you think so, you might think again!

published 295 days, 5 hours, 11 minutes ago (Friday, October 09, 2009 2:47:35 PM GMT); posted by sasa 304 days, 22 hours, 13 minutes ago (Tuesday, September 29, 2009 9:45:37 PM GMT)
Backups are one of the most fundamental parts of being a good SQL Server DBA.  Nothing matters as much as being able to recover from disaster.  As a DBA I am constantly checking if my backups exist, completed correctly and are available for recovery in the event that something happens.  Until recently a lot of this has been done through the use of custom monitoring scripts that generate reports to tell me whether or not backups completed successfully over the weekend and manually restoring random backups... (more)
category: Security | clicked: 1 | source: sqlblog.com
tags: Product Review
1 kudos

Are You Really Protected from Injection?

published 334 days, 19 hours, 39 minutes ago (Monday, August 31, 2009 12:19:40 AM GMT); posted by sasa 340 days, 37 minutes ago (Tuesday, August 25, 2009 7:21:37 PM GMT)
In my last post, Top 10 T-SQL Code Smells, I caught some flack got some feedback for including one (#3) about the use of Stored Procedures for Select statements. Several people expressed objections over the risk of SQL Injection, and how Stored Procs would prevent it, but some of the correspondence I've gotten made me worry that, perhaps, some of those folks might have a false sense of security around this issue. Disclaimer: the whole Stored Procs or not Stored Procs debate has already happened; I am no... (more)
category: Security | clicked: 1 | source: sqlblog.com
tags: injection, Security, Stored Procedures
1 kudos

How to secure a new SQL Server Reporting Services farm

published 339 days, 6 hours, 30 minutes ago (Wednesday, August 26, 2009 1:28:42 PM GMT); posted by sasa 344 days, 22 hours, 4 minutes ago (Thursday, August 20, 2009 9:54:17 PM GMT)
Last month, I talked about the licensing model for the "Scale Out" Reporting Services model. It is expensive. Well, this month I am building a proof-of-concept for a customer. Luckily, we can use the Developer edition until we go into production. I feel much more comfortable dealing with technical issues versus licensing issues. Let's take a look... (more)
category: Security | clicked: 1 | source: www.networkworld.com
tags: Scale Out, Security, SSRS, Web Farm
1 kudos

Keeping up with SQL Server KB articles

published 362 days, 8 hours, 7 minutes ago (Monday, August 03, 2009 11:51:18 AM GMT); posted by sasa 366 days, 22 hours, 33 minutes ago (Wednesday, July 29, 2009 9:25:45 PM GMT)
One of the most useful tools for anyone involved in day to day support of SQL Servers is being able to keep up with the latest Microsoft Knowledge Base articles for the products you support. There are RSS feeds available for each of the currently supported editions that allow you to keep up to date with bugs and fixes for SQL Server and it generally only takes a few minutes every few days to skim them so that should you come across a problem it will jog your memory... (more)
category: Security | clicked: 0 | source: sqlblogcasts.com
tags: Knowledge Base
1 kudos

SQL Logins For Windows Domain Accounts Limited To Pre-Windows 2000 Format

published 365 days, 7 hours, 47 minutes ago (Friday, July 31, 2009 12:11:33 PM GMT); posted by sasa 368 days, 6 hours, 7 minutes ago (Tuesday, July 28, 2009 1:51:51 PM GMT)
You may have noticed that when you create a login on a SQL server that's mapped to a Windows domain account you have to use the pre-Windows 2000 format [domain\login]. Did you also notice that there's a limitation of 20 characters on the login portion of this format? Let's pretend that you use nice descriptive names for application accounts, for example:
Sales.ReportUtil.ProdService
Sales.ReportUtil.ProdWebuser
When you try to add these logins the 20 character limit cuts them both off at "Sales.ReportUt... (more)
category: Security | clicked: 1 | source: kendalvandyke.blogspot.com
tags: Login, Security
2 kudos

Looking for security vulnerabilities in database code

published 368 days, 7 hours, 53 minutes ago (Tuesday, July 28, 2009 12:05:09 PM GMT); posted by sasa 370 days, 13 hours, 21 minutes ago (Sunday, July 26, 2009 6:37:29 AM GMT)
I've always been concerned with security and I've always stressed the importance of auditing the REAL user context not just the current user (see this post on EXECUTE AS and auditing). So, I generally try to avoid using dynamic string execution and if necessary create well tested/protected parameters (fyi - using QUOTENAME can be a fantastic solution to protecting identifiers as input paramet... (more)
category: Security | clicked: 1 | source: www.sqlskills.com
tags: Security, SQL Server 2005, SQL Server 2008
3 kudos

For shared SQL Server providers : hiding your list of databases from customers

published 368 days, 7 hours, 53 minutes ago (Tuesday, July 28, 2009 12:05:09 PM GMT); posted by sasa 370 days, 14 hours, 25 minutes ago (Sunday, July 26, 2009 5:33:37 AM GMT)
In a shared SQL Server hosting environment, there are several problems that can arise when you let your customers use Management Studio to connect and administer their databases.  In the typical case, you give them a single SQL Authentication username and password, and they are supposed to be able to connect only to their database.  By default, however, Object Explorer and Object Explorer Details will gladly present the entire list of databases on the server.  In this case, not only are you exposing all ... (more)
category: Security | clicked: 8 | source: sqlblog.com
tags: Database List, Management Studio, Security, Shared Hosting, SSMS
1 kudos

View Permissions for Reporting Services in SharePoint Integrated Mode

published 369 days, 7 hours, 45 minutes ago (Monday, July 27, 2009 12:13:38 PM GMT); posted by sasa 370 days, 13 hours, 26 minutes ago (Sunday, July 26, 2009 6:32:55 AM GMT)
Setting up security for SSRS in SharePoint integrated mode can be a bit tricky, particularly if you want to set up some of your users to only be able to run reports, but not to be able to modify or change them. If you give the users the standard Contribute permission level in SharePoint, they have the ability to view and execute reports, but they can also delete existing reports or add new ones. If you assign only the Read permission level to the users, they won't even be able to see the reports in the d... (more)
category: Security | clicked: 4 | source: agilebi.com
tags: Security, SharePoint, SSRS