Add a Salt with the SQL Server HASHBYTES Function
Learn how to store salted password hashes in SQL Server using the HASHBYTES function.
Valuable SQL Server Security tips, tutorials, how-to’s, scripts, and more for SQL Server DBAs.
In a database I was able to create a stored procedure. However, when I went to execute the stored procedure, SQL Server told me I didn't have permission to do so. Is this a bug or did I do something wrong? In this tip we look at this issue.
We have over a hundred SQL Server instances covering versions SQL 2000 to SQL 2012. We want to pass the User or Computer credentials from one Service to another SQL Service on a remote computer. This can lead to authentication and access problems and we fi
We have over a hundred SQL Server instances with versions running from SQL 2000 to SQL 2012 Availability Groups. The issue is that we want to use Kerberos Authentication for remote client connections to the SQL instances whenever possible. In this tip we
I have to install a new Microsoft SQL Server box and configure it as a production server. I know that there are many security related settings and I do not want anyone to hack the system on the first day on the network. Which are the basic steps to harden
Learn how SQL Server handles service isolation for logins tied to NT service accounts.
In this tip we look at how to set up secondary encryption and decryption keys that can allow a user to access data that was encrypted by multiple methods.
You may come across or even inherit a system where many of the users have different default schemas. In this tip, we show how you can dynamically update every user to use the same schema.
I have used SQL Server's built-in encryption to hide data in one of my SQL Server databases, such as demonstrated in this article: SQL Server Encryption to Block DBAs' Data Access. The problem is that this is a reporting system and my end users need to be
I have a security problem. Users have the ability to access the tables in a database with one exception. No matter what permission I grant or what role I give within the database, users are still denied access. I've even made users a member of the db_owne
I have SQL Server databases with top secret, secret and unclassified data. How can we establish custom SQL Server data classification schemes for implementing need to know access to data in specific tables? Check out this tip to learn more.
I had the privilege to attend K. Brian Kelley's MSSQLTips.com Q&A session on SQL Server security. I understand he was bombarded with security questions about Windows, Active Directory, Service Accounts, SQL Server Server Level, SQL Server Database Level,
I'm trying to use SQL Server's built-in encryption and I see there are three different options available for an asymmetric key, corresponding to key length. In this tip we cover which option to use.
I'm trying to use SQL Server's built-in encryption and I see there is an assortment of algorithms available. What is the difference between each one? In this tip we cover all of the options.
I'm trying to use the HASHBYTES() function and I see there is an assortment of hashing algorithms available. What is the difference between each one? In this tip we cover which option to use.
We have an audit requirement to disable xp_cmdshell. However, I've read that a member of the sysadmin role can re-enable xp_cmdshell. Is there any way to prevent this from happening?
Check and configure SQL Server to use Windows Authentication with Kerberos instead of NTLM with setspn for SQL Server.
I have a couple of databases supporting applications. The first application requires that its user be a member of the db_owner role. The second application actually has to own the database. What are the effects of having such permissions? Check out this
I'm in a dilemma. In a database I currently support, the application makes use of db_datareader and db_datawriter to give permissions to the tables. In a different database, it's even worse as the application uses db_owner. We're adding new tables to both
I'm having a bit of trouble understanding how GRANT, DENY, and REVOKE work together in SQL Server, especially when you consider things like schemas. Which setting trumps the others? How do I undo security? In this tip we look at an example of how these wo
I always wanted to find a way to track all SQL Server logins which have either the same password or a blank password. It's a precautionary measure to avoid any hacking as well as ensuring our SQL Server environment is secure. During one of my assignments,
I want to back up my SQL Server databases to a folder, but I want to minimize who has access to the folder. In other words, I want to make sure that members of the Windows Local Administrators group don't get to the backups without intentionally trying to
I need to automate the auditing of my SQL Servers for blank sa passwords. What's the best way to do this? Are there any options in PowerShell? Check out this tip to learn more.
Starting with SQL Server 2008, the local Administrators group is no longer added by default during SQL Server setup; you even have to use a manual step to add the current user as a local administrator. This means that it is possible, especially if you don