Reviewing SQL Server Permissions

Permissions on data are one of the most critical aspects of database administration.

Configuring Certificate-based Authentication in SQL Server Express' Distributed Service Broker Environment

Implementing a dialog between two services residing in a distributed environment requires the presence of an authentication mechanism. Windows-based Kerberos protocol limits the scope of systems participating in a Service Broker dialog to those residing in the same or trusted Active Directory domains. This article provides an overview of how to eliminate this limitation by employing certificates.

Encryption Alternatives

Databases often contain sensitive information and cell-level encryption is a very effective method to protect this information from those who should not have access to it. Although, encryption is not without its challenges.

Granting View Definition Permission to a User or Role

Instead of granting higher level permissions, is there a way to allow users that only have public access the ability to see object definitions?

Understanding and dealing with orphaned users in a SQL Server database

Attaching and restoring databases from one server instance to another are common tasks executed by a DBA. After attaching or restoring of a database, previously created and configured logins in that database do not provide access. This tip looks at how to deal with this.

Cryptography in SQL Server

This white paper presents an overview of cryptographic functionality and discusses how this applies to authentication, signed procedures, permissions, and encryption. Because the target audience is the database professional and not necessarily security experts, the focus is on practical ways to use cryptography in SQL Server.

Configure MaxTokenSize for SQL Server Authentication

DBA's and web developers at our company are experiencing issues with connecting to SQL instances using SQL Server Management Studio and other SQL tools using Windows Integrated Authentication. Our company is large, with well over 70,000 users and groups in Active Directory. When we look in the NT event log on the SQL Server we see both MSSQL and Kerberos errors. What could be causing this?

Recover from a SQL Injection Attack on SQL Server

Lately it seems like SQL Injection attacks have been increasing. Recently our team has worked through resolving a few different SQL Injection attacks across a variety of web sites. Each of these attacks had a number of similarities which proved to point back to the same source. With this information in hand, the resolution should be much quicker. As such, if your web site is attacked with SQL Injection, how should you address it? How can the identification, analysis, recovery and resolution be streamlined? What are some lessons learned?

Hashing

Building a Security Philosophy

SQL Server trainer and expert DBA, Andy Warren, thinks that everyone should have a philosophy about security. He starts this installment in looking about how to assign administrative privileges.