Data Otaku

A seemingly random collection of data- and database-related posts

June, 2011

Posts
  • SQL Injection Demo

    The purpose of this post is to demonstrate a simple SQL injection attack. For information on securing a database against SQL injection, please review this post. NOTE: Implementing an actual SQL injection attack against a system for which you have not...

  • Transparent Data Encryption (TDE) Demo

    This post demonstrates the use of Transparent Data Encryption (TDE) to protect database files, including backups. To understand how this feature can be employed to improve the security of database applications, please review this post. The first step...

  • Build Secure Database Applications with Microsoft SQL Server

    The recent spate of breaches and attacks targeting various business and government computing systems drives home the message that our (collective) systems are at risk from threats both internal and external. As a database professional, I'm inclined to...

  • Defend against SQL Injection

    SQL injection is an attack by which user input is used to modify the logic of a SQL statement. The attack may be used to disrupt the underlying database or bypass application logic, but more typically it is used to extract additional information from the...

  • Secure the Authentication Process

    SQL Server supports two authentication mechanisms: Windows authentication and SQL Server (SQL) authentication. With Windows authentication, SQL Server simply validates a user's Windows identity with an identity management solution such as Active...

  • Harden the Database Server

    Reducing the database server's exposure to attacks (hardening) is a pretty big task. The physical security of the server, along with that of the infrastructure on which it depends, must be considered. Then there's the network and the operating system...

  • Securing the Data Warehouse

    After completing a series of posts on Building Secure Database Applications, the question of how the practices and features highlighted apply to data warehouses arose. In a traditional database application, the database is a behind-the-scenes element...

  • Application-Specific Endpoint Demo

    This post demonstrates the use of endpoints to secure application connectivity to an instance of SQL Server. The first step in the demonstration is to create two logins to test the functionality of the endpoints. In the code below, I'm using local...

  • Encrypt the Data

    SQL Server supports the encryption of data through a number of mechanisms. These include: cryptographic functions for the encryption and signing of individual values; the Transparent Data Encryption (TDE) feature, through which the data and log...

  • Assign Minimal Permissions

    Users should be permitted to perform just those operations required within the context of an application and nothing more. Restricting user permissions in this manner limits the potential for inappropriate data access and database actions. With this...

  • Digital Signing Demo

    This post demonstrates the use of a digital signing function to ensure that data within a table is unaltered outside a given set of stored procs. To understand how these and other cryptographic functions can be employed to improve the security of database applications...

  • Cryptographic Function Demo

    This post demonstrates the use of a cryptographic function to encrypt data within a table. To understand how the cryptographic functions can be employed to improve the security of database applications, please review this post. The first step in the demonstration...

  • Context Switching Demo

    This post demonstrates the use of context switching to provide controlled access to objects to which a user otherwise does not have permissions. To understand how context switching can be employed to improve the security of database applications, please...

  • Monitor & Enforce Security Policies

    Once a security policy is defined, it then needs to be monitored and enforced to ensure compliance. SQL Server provides two features for this: policy-based management and audit. Policy-Based Management: introduced with SQL Server 2008, policy-based...

  • Regulate Network Connectivity

    SQL Server accepts client connections over specific network protocols and (for lack of a better term) associated channels. The combination of a network protocol, a channel, and the type of communication taking place over it is managed from within SQL Server...

  • Ownership Chain Demo

    This post demonstrates the use of ownership chains to provide controlled access to objects to which a user otherwise does not have permissions. To understand how ownership chains can be employed to improve the security of database applications, please...

  • Module Signing Demo

    This post demonstrates the use of module signing to provide controlled access to objects to which a user otherwise does not have permissions. To understand how module signing can be employed to improve the security of database applications, please review...