September 2007 - Posts

Security and copy protection

I have been watching the SQL Server Security forum for several years now and there is one question that gets spawned about once a month under different titles. It invariably begins with a request for guidance on how to secure access to a database, which Read More...

Posted 24 September 07 03:57 by lcris | 0 Comments   
Filed under SQL Server - security, SQL Server, computer security

Basic SQL Server Security concepts - ownership chaining: good and evil; schemas

At some point during SQL Server's history, its designers must have confronted the following problem: how to give someone permission to see parts of a table without giving him any permission on the table? Slices of a table are easily defined using views, Read More...

Posted 13 September 07 11:37 by lcris | 0 Comments   
Filed under SQL Server - security, SQL Server, computer security, basic SQL Server security concepts

Basic SQL Server Security concepts - permissions and special principals: sa, dbo, guest

In a previous post , I talked about the various types of principals in SQL Server. Let's have a further look in this post at permissions and at some of the hardcoded principals that ship with any installation of SQL Server. Permissions are what allow Read More...

Posted 12 September 07 03:12 by lcris | 0 Comments   
Filed under SQL Server - security, SQL Server, computer security, basic SQL Server security concepts

Search

This Blog

• Home
• About

Tags

• announcements
• basic SQL Server security concepts
• bing
• computer security
• encryption
• Microsoft products
• search engines
• software engineering
• SQL Server
• SQL Server - cryptography
• SQL Server - general
• SQL Server - security

Archives

• October 2009 (3)
• August 2009 (2)
• July 2009 (1)
• June 2009 (1)
• August 2008 (2)
• June 2008 (1)
• May 2008 (1)
• April 2008 (1)
• March 2008 (1)
• February 2008 (5)
• January 2008 (4)
• November 2007 (2)
• October 2007 (4)
• September 2007 (3)
• July 2007 (1)
• April 2007 (2)
• March 2007 (1)
• February 2007 (2)
• December 2006 (1)
• November 2006 (1)
• October 2006 (3)
• July 2006 (2)
• May 2006 (1)
• April 2006 (2)
• March 2006 (2)
• January 2006 (1)
• December 2005 (5)
• October 2005 (3)
• September 2005 (5)
• July 2005 (1)
• June 2005 (4)

Security related links

• NSA Security Configuration Guides
• Bruce Schneier's blog
• Bruce Schneier's Crypto-Gram newsletter
• RISKS Digest

Software engineering links

• Motley says

SQL Server security links

• Raul Garcia's blog (SQL Server Security)
• SQL Server Security Team blog
• SQL Server Security forum on MSDN
• SQL Injection Watch List

Useful Microsoft links

• Product Feedback site
• Microsoft Technical Forums
• Security Vulnerabilities reporting site
• Security Development Lifecycle blog
• Secure Windows Initiative blog
• Microsoft Security Advisories

Syndication

• RSS 2.0
• Atom 1.0