SQL Server PCI DSS Security Patching Checklist

PCI DSS has strict requirements about implementing security updates and using only applications which are supported by the vendors. How do you create a patching policy for SQL Servers?

Backup Keys

Permissions

Connecting to Analysis Services in Another Domain

Connecting to resources in untrusted domains with windows authentication can be tricky. Here's how to make it easy.

Protect Confidential SQL Server Data Q and A

Following on from a webcast, Tim Smith answers some questions on SQL Server security like: Is It Better To Mask At the Application Level Or The SQL Server Database Level? Are there any options to find SSNs in SQL Server besides RegEx? And, why would anyone store sensitive data un-encrypted in SQL Server?

Prevent Confidential Data at the Application Layer from getting into SQL Server

In this tip Tim Smith looks at different approaches to stop confidential data from getting into the database.

A few reflections on security by a weary application developer

Data security? No worries! Tell me how much you are willing to pay.

Change password for user 'sa'

Last week one of my team members was supposed to create a SQL Authenticated ID on a SQL Server 2005 instance. This was as per the request of the Application team who would be using it for an Application.

Data Driven Security

Set a security standard across environments that developers can see and run, but not change.

New SQL Server 2014 Permissions: CONNECT ANY DATABASE

CONNECT ANY DATABASE is one of three new permissions in SQL Server 2014 that can be granted to server logins. What is this new permission good for and why would we ever want this?