SQL Server EXECUTE AS
This tip shows how you can use EXECUTE AS in SQL Server to allow users to run code without having to elevate their privileges on all impacted objects.
Valuable SQL Server Security tips, tutorials, how-to’s, scripts, and more for SQL Server DBAs.
Not knowing which applications or people on your team are using the sa login should be a major cause for concern in security-conscious organizations. If the password for this standard SQL Server login is known by more than 1 team member, tracking ch
In your recent tip (Suspect SQL Server 2000 Database) you outlined a suspect database scenario. I took a look at the script and tried to run it in my environment. Unfortunately, this did not resolve my issue. Are you aware of other causes of SQL Server
In all of my ASP applications I need to have at least basic security, how can I do so in simple manner? The reality is that in the majority of my applications I need membership, profiles, role management and personalization, are any applications availabl
Read this tip to learn how to hide instances of SQL Server so they are not seen on the network.
SQL Server 2005 Books Online indicates that the SQL Server service account requires permission to start the following related services (among many other requirements): SQL Server Active Directory Helper and SQL Server VSS Writer services. How can I verify
Who invited all of these guests to my database? Did you know that the guest user account even exists in your SQL Server databases? Do you know that SQL Server needs the guest user account for particular functionality that differs in SQL Server 2000 vs.
Where can I find the SQL Server 2005 installation log files to ensure no sensitive data, specifically clear text passwords, are stored in these files? I can remember from earlier versions of SQL Server that sensitive data, specifically clear text passwor
With the rights that the sa login has by default in SQL Server, it is imperative to change this password on a regular basis whether it is monthly, quarterly or semi-annually. In addition, as DBAs move on to other opportunities, it is wise to change the s
Oftentimes when auditing SQL Servers I notice that most environments use the default database roles to grant access to users. These default roles such as db_owner, db_datareader and db_datawriter are great, but oftentimes they give the users a lot more
SQL Server uses the sa SQL Server standard login when mixed mode authentication is selected during the installation process. Since it is a known and common entity, this login is a natural target to try to penetrate SQL Server. With many of the SQL
Extended stored procedures in SQL Server 2000 were the only option to extend the capabilities of the relational engine such as access to the file system or to send and receive emails directly in SQL Server. Securing these objects is not straightforward
Have you had an issue trying to find out how to assign rights for some of the new applications (SQL Server Integration Services, Full Text, OLAP, Express, Reporting Services, etc.) in SQL Server 2005? If so, you are not alone. With SQL Server 2005, some
The principle of least privilege is a cornerstone to most security implementations. The premise behind the principle is to only grant users, developers, DBAs, network administrators, etc. the needed rights and nothing more. With SQL Server 2000 and 2005

Learn how to enable xp_cmdshell for SQL Server and some of the errors you may encounter when using xp_cmdshell as well as how to disable xp_cmdshell.