SQL Server (RSS)

SQL Server topics
Finding information about which account xp_cmdshell is running as
If you ever needed to debug a permission related issue when using xp_cmdshell, you have probably realized that a crucial piece of information is about what particular account xp_cmdshell is executing under. If you are the administrator of the database, Read More...
Posted 27 October 09 02:24 by lcris | 0 Comments   
Filed under , ,
SQL Injection watch blog
I was looking for information on a new SQL injection attack when I stumbled upon this very useful blog: http://s3cwatch.wordpress.com/ . It's worth a look from time to time, to get an idea of what attacks are going on in the wild. Read More...
Posted 14 August 09 02:34 by lcris | 0 Comments   
Filed under , ,
Basic SQL Server Security concepts: ownership, CONTROL, TAKE OWNERSHIP
I realized today that while I have discussed earlier object permissions , I have not gone into the details of object ownership. I want to cover the following here: ownership of objects, how it can be changed, and the relatively new permission CONTROL Read More...
Posted 11 August 09 03:39 by lcris | 0 Comments   
Filed under , , ,
SQL Server: Windows Groups, default schemas, and other properties
Exceptions are dangerous because people like to simplify their thinking process using rules, so exceptions always carry the risk of being overlooked. In security, exceptions are a bad thing because they make the model more complex and complex systems Read More...
Posted 22 August 08 04:15 by lcris | 0 Comments   
Filed under ,
SQL Server 2005: How to debug login failures (18456, anyone?)
In my series of new posts on old topics, I decided to gather today several pieces of information that I think will help in debugging SQL Server login failures. Although most information should remain useful for future versions as well, some of it may Read More...
Posted 21 February 08 04:05 by lcris | 0 Comments   
Filed under ,
How to request features in Microsoft products
I want to address the topic of requesting feature changes in Microsoft products, to point to some tools that can help, and to describe ways to use those tools more effectively. This post is based on my experience working on customer requests while being Read More...
Posted 07 February 08 01:49 by lcris | 2 Comments   
Filed under ,
SQL Server 2005: How to debug errors in code that does encryption
Encryption builtin functions in SQL Server have no known issues and, if used properly, they will produce the expected results. However, if they are used incorrectly, it can be hard to figure out what exactly is the problem, so in this post I am going Read More...
Posted 31 January 08 12:36 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: A great post by Aaron Morton about using MARS to access opened keys
Aaron Morton has a very interesting post and demo that show how MARS can be used to access keys temporarily opened by a procedure. This is a must-read for anyone that is interested in implementing custom restrictions around the use of encryption keys. Read More...
Posted 17 January 08 10:20 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: Why you should not encrypt data with certificates
I often recommended to only encrypt data in SQL Server using symmetric keys and to reserve the use of asymmetric encryption for protection of symmetric keys and for signing. In this post, I will go in more detail about why asymmetric encryption is not Read More...
Posted 11 January 08 12:44 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: How to determine the size of a column that will hold encrypted data
This issue has been addressed before on forums, but with the heavy traffic, it can be hard to find the proper post. So, I'll provide some explanations here as well. Note: This article is written with symmetric encryption in mind, but the actual technique Read More...
Posted 11 January 08 11:05 by lcris | 0 Comments   
Filed under , ,
SQL Server 2005: Restoring the backup of a database that uses encryption
I have addressed this topic in previous threads and comments ( here , here , and here , for example), both on this blog and on various forums, but it looks like when you need the answer, it can be hard to dig out. So I'm hoping that by placing these steps Read More...
Posted 16 November 07 11:41 by lcris | 10 Comments   
Filed under , ,
SQL Server 2005: How to recover when the service master key (SMK) is not accessible
I wrote earlier today a reply on this topic on the public forums, but now that I checked, the reply appears to have got lost, although I still entertain the hope it may only have got delayed and will appear there in 24 hours. Anyway, this is the reason Read More...
Posted 14 November 07 01:55 by lcris | 0 Comments   
Filed under , ,
SQL Server undocumented password hashing builtins: pwdcompare and pwdencrypt
First, I must say that I don't know why these exist in an undocumented form. They have been around for a long time and a search on their names gets me back pages of hits. Being undocumented means that their actual implementation may change slightly from Read More...
Posted 31 October 07 11:08 by lcris | 0 Comments   
Filed under , ,
Basic SQL Server Security concepts: SIDs, orphaned users, and loginless users
I am grouping here two topics (orphaned users and loginless users) that are actually very different, but I have often seen confusion between them, so I am covering them together in an attempt to dispel that confusion. In a previous discussion of logins Read More...
Posted 25 October 07 05:42 by lcris | 0 Comments   
Filed under , , ,
SQL Server 2005: A note about the use of certificates
To avoid any confusion, this post is not about the use of certificates for securing the communication between a client machine and the server; instead, this refers to the use of certificates created via the CREATE CERTIFICATE DDL. I am prompted in writing Read More...
Posted 04 October 07 08:59 by lcris | 3 Comments   
Filed under , , ,
More Posts Next page »

Search

This Blog

These posts are provided "AS IS" with no warranties, and confer no rights.

Syndication

Page view tracker