SqlServerKudos

Security

1
kudos

Kudos

I am a forum spammer! Delete my account immediately!!

published 928 days, 18 hours, 47 minutes ago posted by

sa 938 days, 8 hours, 25 minutes ago

I am a forum spammer! Delete my account immediately!!

The subject may look confusing that 1 part of it confirms its a forum spammer and another part to delete that account!!! Here is the email text that I have received highlighting valueable advice on security: *********** This email address was created solely to register automatically at thousands of forums for the purposes of spamming forums like yours. Remove my account and any other account registered with my email address, and strongly consider strengthening your forum's password requirements....(read ... (more)

category: News | clicked: 1 | comment | | source: sqlserver-qa.net

tags: email, forum, foundation, password, Security, spam, team

1
kudos

Kudos

Alert - Critical Product Vulnerability - October 2009 Microsoft Security Bulletin Release

published 937 days, 20 hours, 25 minutes ago posted by

sa 947 days, 9 hours, 6 minutes ago

Alert - Critical Product Vulnerability - October 2009 Microsoft Security Bulletin Release

This alert is to provide you with an overview of the new security bulletin(s) being released on October 13, 2009. Security bulletins are released monthly to resolve critical problem vulnerabilities. New Security Bulletins Microsoft is releasing the following 13 new security bulletins for newly discovered vulnerabilities: Bulletin ID Bulletin Title Maximum Severity Vulnerability Impact Restart Requirement Affected Software* MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)...(re... (more)

category: News | clicked: 0 | comment | | source: sqlserver-qa.net

tags: alert, Best Practices, bulletin, microsoft, operating system, search, Security, vulnerability, windows

1
kudos

Kudos

Fifth pillar - Secure

published 951 days, 21 hours, 21 minutes ago posted by

sa 957 days, 15 hours, 41 minutes ago

As I have mentioned in all of the previous posts, basic functionality is the foundation of any system. So it goes without saying that if you have just implemented a payroll system, everyone is getting paid. To meet the basic bar that EVERYONE agrees upon, to be useful things have to work. Frankly, this is generally the only criteria which needs to be met for most systems to be considered complete, and since I don’t want get off on a rant, that is all that I will say (for now at least, it will be in the ... (more)

category: Security | clicked: 0 | comment | | source: sqlblog.com

tags: Database Design, Pillars, Security

1
kudos

Kudos

Microsoft Security Bulletin major revisions - August 2009

published 965 days, 22 hours, 21 minutes ago posted by

sa 969 days, 1 hour, 51 minutes ago

Microsoft Security Bulletin major revisions - August 2009

******************************************************************** Title: Microsoft Security Bulletin Major Revisions Issued: August 25, 2009 ******************************************************************** Summary ======= The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details. * MS09-044 - Critical * MS09-029 - Critical Bulletin Information: ===================== * MS09-044 - Critical - http://www.microsoft.com/technet/security/bulle... (more)

category: News | clicked: 2 | comment | | source: sqlserver-qa.net

tags: bulletin, critical, microsoft, Security

1
kudos

Kudos

MSG 10314 An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE.

published 966 days, 22 hours, 26 minutes ago posted by

sa 969 days, 10 hours, 11 minutes ago

MSG 10314 An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE.

As it states on the subject line this is an error that would cause when the system is trying to load assembly due to the permissions, the second part of the subject also needs consideration that server may be running out of resources & security issue. Msg 10314, Level 16, State 11, Line 2 An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS...(read more) (more)

category: News | clicked: 0 | comment | | source: sqlserver-qa.net

tags: .NET, access, Assemblies, BOL, CLR, error, Login, login mapping, privileges, Security, sid, SQL Server, versioncontrol

1
kudos

Kudos

Are You Really Protected from Injection?

published 995 days, 12 hours, 4 minutes ago posted by

sa 1000 days, 17 hours, 2 minutes ago

Are You Really Protected from Injection?

In my last post, Top 10 T-SQL Code Smells, I caught some flack got some feedback for including one (#3) about the use of Stored Procedures for Select statements. Several people expressed objections over the risk of SQL Injection, and how Stored Procs would prevent it, but some of the correspondence I've gotten made me worry that, perhaps, some of those folks might have a false sense of security around this issue. Disclaimer: the whole Stored Procs or not Stored Procs debate has already happened; I am no... (more)

category: Security | clicked: 1 | comment | | source: sqlblog.com

tags: injection, Security, Stored Procedures

1
kudos

Kudos

How to secure a new SQL Server Reporting Services farm

published 999 days, 22 hours, 55 minutes ago posted by

sa 1005 days, 14 hours, 29 minutes ago

How to secure a new SQL Server Reporting Services farm

Last month, I talked about the licensing model for the "Scale Out" Reporting Services model. It is expensive. Well, this month I am building a proof-of-concept for a customer. Luckily, we can use the Developer edition until we go into production. I feel much more comfortable dealing with technical issues versus licensing issues. Let's take a look... (more)

category: Security | clicked: 1 | comment | | source: www.networkworld.com

tags: Scale Out, Security, SSRS, Web Farm

1
kudos

Kudos

How to specify a Windows Authentication user in T-SQL

published 1000 days, 23 hours, 4 minutes ago posted by

sa 1006 days, 17 hours, 15 minutes ago

How to specify a Windows Authentication user in T-SQL

This may only be a SQL Server 2005 problem. Comments either way please. Only one of these works: grant execute on storedproc to [domain1\ismom] grant execute on storedproc to 'domain1\ismom' grant execute on stored_proc to '[domain1\ismom]' (more)

category: Management | clicked: 1 | comment | | source: weblogs.sqlteam.com

tags: Authentication, Security

1
kudos

Kudos

Tools to enhance SQL Server security, analyze that!

published 1006 days, 22 hours, 56 minutes ago posted by

sa 1011 days, 21 hours, 15 minutes ago

Tools to enhance SQL Server security, analyze that!

There are various methods you could apply to secure SQL Server platform, that includes the areas of physical hardware and networking systems connecting clients to the database servers, and the binary files that are used to process database requests! It is not that easy to implement the strict measures of security when the databases are spread out in an enterprise-wide network. There are tons of information about best practices for physical security stric... (more)

category: Management | clicked: 3 | comment | | source: sqlserver-qa.net

tags: audit, feature, lock down, Security, sql injection, Tools, verison, vulnerability

1
kudos

Kudos

SQL Logins For Windows Domain Accounts Limited To Pre-Windows 2000 Format

published 1026 days, 12 minutes ago posted by

sa 1028 days, 22 hours, 31 minutes ago

SQL Logins For Windows Domain Accounts Limited To Pre-Windows 2000 Format

You may have noticed that when you create a login on a SQL server that's mapped to a Windows domain account you have to use the pre-Windows 2000 format [domain\login]. Did you also notice that there's a limitation of 20 characters on the login portion of this format? Let's pretend that you use nice descriptive names for application accounts, for example:Sales.ReportUtil.ProdServiceSales.ReportUtil.ProdWebuser When you try to add these logins the 20 character limit cuts them both off at "Sales.ReportUt... (more)

category: Security | clicked: 1 | comment | | source: kendalvandyke.blogspot.com

tags: Login, Security

2
kudos

Kudos

Looking for security vulnerabilities in database code

published 1029 days, 18 minutes ago posted by

sa 1031 days, 5 hours, 46 minutes ago

Looking for security vulnerabilities in database code

I've always been concerned with security and I've always stressed the importance of auditing the REAL user context not just the current user (see this post on EXECUTE AS and auditing). So, I generally try to avoid using dynamic string execution and if necessary create well tested/protected parameters (fyi - using QUOTENAME can be a fantasic solution to protectng identifiers as input paramet... (more)

category: Security | clicked: 1 | comment | | source: www.sqlskills.com

tags: Security, SQL Server 2005, SQL Server 2008

1
kudos

Kudos

View Permissions for Reporting Services in SharePoint Integrated Mode

published 1030 days, 10 minutes ago posted by

sa 1031 days, 5 hours, 50 minutes ago

View Permissions for Reporting Services in SharePoint Integrated Mode

Setting up security for SSRS in SharePoint integrated mode can be a bit tricky, particularly if you want to set up some of your users to only be able to run reports, but not to be able to modify or change them. If you give the users the standard Contribute permission level in SharePoint, they have the ability to view and execute reports, but they can also delete existing reports or add new ones. If you assign only the Read permission level to the users, they won't even be able to see the reports in the d... (more)

category: Security | clicked: 5 | comment | | source: agilebi.com

tags: Security, SharePoint, SSRS

3
kudos

Kudos

For shared SQL Server providers : hiding your list of databases from customers

published 1029 days, 18 minutes ago posted by

sa 1031 days, 6 hours, 50 minutes ago

For shared SQL Server providers : hiding your list of databases from customers

In a shared SQL Server hosting environment, there are several problems that can arise when you let your customers use Management Studio to connect and administer their databases. In the typical case, you give them a single SQL Authentication username and password, and they are supposed to be able to connect only to their database. By default, however, Object Explorer and Object Explorer Details will gladly present the entire list of databases on the server. In this case, not only are you exposing all ... (more)

category: Security | clicked: 8 | comment | | source: sqlblog.com

tags: Database List, Management Studio, Security, Shared Hosting, SSMS

Welcome!

Security

I am a forum spammer! Delete my account immediately!!

Alert - Critical Product Vulnerability - October 2009 Microsoft Security Bulletin Release

Fifth pillar - Secure

Microsoft Security Bulletin major revisions - August 2009

MSG 10314 An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE.

Are You Really Protected from Injection?

How to secure a new SQL Server Reporting Services farm

How to specify a Windows Authentication user in T-SQL

Tools to enhance SQL Server security, analyze that!

SQL Logins For Windows Domain Accounts Limited To Pre-Windows 2000 Format

Looking for security vulnerabilities in database code

View Permissions for Reporting Services in SharePoint Integrated Mode

For shared SQL Server providers : hiding your list of databases from customers

Open ID Login

Standard Login

Forgot Password?

Sign up