This script shows what permission the user have in what object and who granted the permission
SELECT prmssn.permission_name AS [Permission], sp.type_desc, sp.name, grantor_principal.name AS [Grantor], grantee_principal.name AS [Grantee] FROM sys.all_objects AS sp INNER JOIN sys.database_permissions AS prmssn ON prmssn.major_id=sp.object_id AND prmssn.minor_id=0 AND prmssn.class=1 INNER JOIN sys.database_principals AS grantor_principal ON grantor_principal.principal_id = prmssn.grantor_principal_id INNER JOIN sys.database_principals AS grantee_principal ON grantee_principal.principal_id = prmssn.grantee_principal_id WHERE (SCHEMA_NAME(sp.schema_id)='dbo') ORDER BY sp.type go
A new article from MSDN magazine on stopping SQL Injection attacks by examining how the SQL can be exploited. It's a good basic article for developers as well as DBAs who might have to review code.
2004-08-20
2,865 reads
Storing passwords in SQL Server for authentication by your application is a common practice. But not always a good one. Someone with access could easily see all passwords and perhaps cause mischief inside your application. Imagine the office gossip getting access to your HR application as the HR director! Not a good thing. Dinesh Asanka has written a short piece on how you can use a built in function in SQL Server to encrypt these passwords and use them with a minimum of effort.
2004-07-12
13,400 reads
As Robin points out there is no built in way to make sure users have strong passwords when using SQL authentication. There are a couple changes you can make (with appropriate warnings!) that will allow you to do this. Read on to find out why and how.
2004-03-02
6,656 reads
Do your developers really understand how to prevent injection attacks? Or scarier still, how many know what an injection attack is? Chris has some great examples of how sql injection works and how to prevent it.
2004-02-02
17,502 reads
In this article by Randy Dyess he shares with you the script on how he audits his environment and outputs reports of the permissions that users have.
2002-05-30
9,875 reads
