SQL Server 2000 SP3 and xp_cmdshell Woes

The problems caused by the SQL Sapphire Worm, also know as the SQL Slammer, have caused many sites to do a quick upgrade to SQL Server 2000 Service Pack 3 (SP3). It includes the fix that prevents infection by the worm. While moving to the latest service pack is usually a good thing, to do so without thorough testing risks breaking a working application. That is exactly what happened to one of my clients over the weekend.

SQL Server 2005 Secures Your Data Like Never Before

Right out of the box, SQL Server 2005 does not install many of its services (such as SQL Server Reporting Services) or does not have features turned on by default (.NET integration), thereby reducing the attack vectors that hackers could use to compromise your data security.

User Test1 owns 3 schemas in a SQL...

You are working with SQL Server 2005 and...

You are setting up replication in SQL Server...

You are working with SQL Server 2005 and...

Hacker's-eye view of SQL Server

If a hacker sets sights on your SQL Server, there are four primary methods he can use to take control and carry out unauthorized, malicious activity. I will look at each of these: Password compromise, Account compromise, SQL injection, Buffer overflows

Updated SQL Injection

SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought.

Under which account does the SQL Server 2005...

Free Encryption

Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data.