While analyzing SQL Server's network protocol, I came across a weird fact: when a database client logs in using SQL Server authentication (as opposed to Windows authentication), it has to send the user's password to the server, in blatant violation of common security guidelines. At first, I couldn't believe it; SQL Server generally does an […]
2022-03-02
5,560 reads
A reminder today that security in the physical world can affect the digital world.
2022-02-23
208 reads
There are a few security issues in the Teams application from Microsoft, and Steve notes that some of the push for new features can be a problem in this area.
2022-01-10
296 reads
Overview As we all know, data security is a never-ending battle. Every day, we hear of new data breaches. It's a hard problem, and there is no single solution, other than a defense in depth. Let's look at one of those defenses for databases: query control. Query control is a simple idea: most applications access […]
2022-01-07
4,026 reads
Problem Some time ago Argenis Fernandez(@DBArgenis) found and described a vulnerability that allows you to get into SQL Server with 'sa' rights. This method does not require a restart of the SQL Server service or the whole machine, the condition is a local administrator account on the server. Reminder SQL Server until 2008R2: Until SQL 2008R2, […]
2022-01-03
8,447 reads
We will see databases deployed on the edge, and we will need strong security patches.
2021-12-20
298 reads
2021-12-15
356 reads
Overview Microsoft SQL Server 2012 introduced a feature called data classification, which allows you to mark certain columns with labels, indicating that these columns contain sensitive or special-handling data. For instance, you may want to mark a column containing credit card numbers as "confidential", or sales numbers as "management only". The problem is that you […]
2021-12-10
5,238 reads
2021-12-06
328 reads
Introduction In SQL Server 2016, Microsoft introduced a new feature called dynamic data masking, which allows you to mask the values of certain columns and keep that data hidden from certain users, without having to modify your applications. Let's take a look at how SQL Server does data masking, and compare it to the way Gallium Data […]
2021-12-03
1,960 reads
Forgive me for the title. Mentally I’m 12. When I started my current day...
By Steve Jones
One of the things a customer asked recently about Redgate Data Modeler was how...
By Steve Jones
For a number of years, we’ve produced the State of the Database Landscape report,...
Hi all, I've just had to roll back my SSMS 22 version from 22.3.0,...
Hi! I've been banging my head against the wall for 2 days now trying...
Comments posted to this topic are about the item The Power of Data and...
In SQL Server 2025, there is a new function that returns the current date without the time. What is it?
See possible answers