Data Otaku
A seemingly random collection of data- and database-related posts
June, 2011
Digital Signing Demo
Posted over 2 years ago by Bryan C Smith | 3 Comments
This post demonstrates the use of a digital signing function to ensure data within a table is unaltered outside a given set of stored procs. To understand how these and other cryptographic functions can be employed to improve the security of database applications...
Regulate Network Connectivity
Posted over 2 years ago by Bryan C Smith | 2 Comments
SQL Server accepts client connections over specific network protocols and (for lack of a better term) associated channels. The combination of network protocol, a channel, and the type of communication taking place over it is managed from within SQL Server...
Cryptographic Function Demo
Posted over 2 years ago by Bryan C Smith | 2 Comments
This post demonstrates the use of a cryptographic function to encrypt data within a table. To understand how the cryptographic functions can be employed to improve the security of database applications, please review this post. The first step in the demonstration...
Build Secure Database Applications with Microsoft SQL Server
Posted over 2 years ago by Bryan C Smith | 1 Comment
The recent spate of breaches and attacks targeting various business and government computing systems drives home the message that our (collective) systems are at risk from threats both internal and external. As a database professional, I'm inclined to...
Harden the Database Server
Posted over 2 years ago by Bryan C Smith | 0 Comments
Reducing the database server’s exposure to attacks (hardening) is a pretty big task. The physical security of the server along with that of the infrastructure on which it depends must be considered. Then there's the network and the operating system...
Secure the Authentication Process
Posted over 2 years ago by Bryan C Smith | 0 Comments
SQL Server supports two authentication mechanisms: Windows authentication and SQL Server (SQL) authentication. With Windows authentication, SQL Server simply validates a user’s Windows identity with an identity management solution such as Active...
Assign Minimal Permissions
Posted over 2 years ago by Bryan C Smith | 0 Comments
Users should be permitted to perform just those operations required within the context of an application and nothing more. Restricting user permissions in this manner limits the potential for inappropriate data access and database actions. With this...
Application-Specific Endpoint Demo
Posted over 2 years ago by Bryan C Smith | 0 Comments
This post demonstrates the use of endpoints to secure application connectivity to an instance of SQL Server. The first step in the demonstration is to create two logins to test the functionality of the endpoints. In the code below, I'm using local...
Ownership Chain Demo
Posted over 2 years ago by Bryan C Smith | 0 Comments
This post demonstrates the use of ownership chains to provide controlled access to objects to which a user otherwise does not have permissions. To understand how ownership chains can be employed to improve the security of database applications, please...
Context Switching Demo
Posted over 2 years ago by Bryan C Smith | 0 Comments
This post demonstrates the use of context switching to provide controlled access to objects to which a user otherwise does not have permissions. To understand how context switching can be employed to improve the security of database applications, please...
Module Signing Demo
Posted over 2 years ago by Bryan C Smith | 0 Comments
This post demonstrates the use of module signing to provide controlled access to objects to which a user otherwise does not have permissions. To understand how module signing can be employed to improve the security of database applications, please review...
Encrypt the Data
Posted over 2 years ago by Bryan C Smith | 0 Comments
SQL Server supports the encryption of data through a number of mechanisms. These include: Cryptographic functions for the encryption and signing of individual values, The Transparent Data Encryption (TDE) feature through which the data and log...
Securing the Data Warehouse
Posted over 2 years ago by Bryan C Smith | 0 Comments
After completing a series of posts on Building Secure Database Applications, the question of how the practices and features highlighted apply to data warehouses arose. In a traditional database application, the database is a behind-the-scenes element...
Transparent Data Encryption (TDE) Demo
Posted over 2 years ago by Bryan C Smith | 0 Comments
This post demonstrates the use of Transparent Data Encryption (TDE) to protect database files including backups. To understand how this feature can be employed to improve the security of database applications, please review this post. The first step...
Defend against SQL Injection
Posted over 2 years ago by Bryan C Smith | 0 Comments
SQL injection is an attack by which user input is used to modify the logic of a SQL statement. The attack may be used to disrupt the underlying database or bypass application logic but more typically it is used to extract additional information from the...
SQL Injection Demo
Posted over 2 years ago by Bryan C Smith | 0 Comments
The purpose of this post is to demonstrate a simple SQL injection attack. For information on securing a database against SQL injection, please review this post. NOTE: Implementing an actual SQL injection attack against a system for which you have not...
Monitor & Enforce Security Policies
Posted over 2 years ago by Bryan C Smith | 0 Comments
Once a security policy is defined, it then needs to be monitored and enforced to ensure compliance. SQL Server provides two features for this: policy-based management and audit. Policy-Based Management Introduced with SQL Server 2008, policy-based...