Dan's Blog

I am Principal Program Manager at Microsoft leading the Business Platform Division's (BPD) community team. BPD includes SQL Server, SQL Azure, BizTalk, AppFabric, and other technologies and services.

Tagged Content List
  • Blog Post: Oracle Unbreakable == Oxymoron

    And I ask once again… why do people run Oracle? http://www.businessinsider.com/yikes-oracle-issues-emergency-fix-for-a-big-fat-security-problem-2012-1?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+businessinsider+%28Business+Insider%29
  • Blog Post: Designing for Security

    I just finished reading this article on NoSQL security. It raised a couple of concerns: 1. Systems require security. Hard stop. No ifs, ands or buts about it. Designing security from the start is a hard task. At Microsoft there are several practices and resources we use to design and evaluate security...
  • Blog Post: Forgot Your Password?

    I’ve seen three basic patterns for handling forgotten web site passwords: send a change password link to the email address on file; ask one or more challenge questions (or personal information) to unlock the change password screen; send the password, in plain text, to the email address on file. There are...
  • Blog Post: Oy vey – Poor Security Habits Highlighted Again

    The March 2011 issue of Database Trends and Applications has an article that highlights the results of a new survey of DBAs and DBA Managers, which reveals that complacency results in lax oversight of sensitive information. You can read the article here. While every aspect of the research finding is disturbing...
  • Blog Post: Zero Tolerance for Ignorance, Laziness and Unprofessionalism

    How many databases in the world do you think are storing your personal information? Tens? Hundreds? Thousands? I have no clue what the answer is but my guess is it’s closer to thousands than tens. Why is this an interesting question? In my line of work I speak with lots of DBAs and I’m absolutely shocked...
  • Blog Post: Guarding Against SQL Injection

    Securing the database is only part of the security equation, a very important part, but still not the entire picture. DBAs need to educate their developer counterparts on developing secure applications which access the data tier. I would go as far as to put in place a security review process for any...
  • Blog Post: Oracle Warns of Critical DB Server Vulnerabilities

    http://www.eweek.com/c/a/Security/Oracle-Warns-of-Critical-DB-Server-Vulnerabilities/ Excerpt: The database server giant plans to issue patches for at least 41 vulnerabilities "Two of these vulnerabilities may be remotely exploited without authentication, i.e., may be exploited over a network without...