SQL Server Security Tips
Administrators
- Assigning DBA Rights in SQL Server
- Can I stop a System Admin from enabling SQL Server xp_cmdshell?
- Different ways to secure the SQL Server SA Login
- Identify Local Administrators on a SQL Server box using PowerShell
- Secure and disable the SQL Server SA Account
- Security Issues with the SQL Server BUILTIN Administrators Group
- When not to use the sa password in SQL Server applications
- When was the last time the SQL Server sa password changed?
- Who is logging in as the sa login in SQL Server?
Application
Auditing
- Backdoor to Elevate SQL Server Security Privileges
- SQL Server Security Vulnerability Assessment Tool in SSMS 17.4
Certificates
Checklist
Cloud
Configuration
- How to configure SSL encryption in SQL Server
- How to troubleshoot SSL encryption issues in SQL Server
- Is disabling xp_cmdshell in SQL Server really secure?
Connectivity
Cross Database
- Breaking ownership chaining within a schema in SQL Server
- Dynamic SQL and Ownership Chaining in SQL Server
- Options for cross database access within SQL Server
- Ownership chaining in SQL Server security feature or security risk
- Understanding Cross Database Ownership Chaining in SQL Server
Data
- Data cleanup in SQL Server becomes more important with GDPR
- Solving forget me requests for GDPR in SQL Server
- SQL Server Functions to Mask Confidential Data using CLR or PowerShell
Data Masking
- SQL Server Data Masking with DbDefence
- SQL Server Dynamic Data Masking Discovery and Implementation
- SQL Server Static Data Masking Example
Database
- Database level permissions for SQL Server 2005 and 2008
- Giving and removing permissions in SQL Server
- Implicit Permissions Due to Ownership Chaining or Scopes in SQL Server
- SQL Server Database Guest User Account
- Windows Groups to Support SQL Server 2005 Application Security
Database Roles
- Implicit Permissions Due to SQL Server Database Roles
- Nesting Database Roles in SQL Server
- Retrieving SQL Server Fixed Database Roles for Disaster Recovery
- SQL Server Database Users to Roles Mapping Report
- The Power of the SQL Server Database Owner
- Understanding SQL Server fixed database roles
Design
Development
Encryption
- How to Enable Secondary Decryption of SQL Server Symmetric Keys
- Securing and protecting SQL Server data, log and backup files with TDE
- SQL Server Transparent Data Encryption (TDE) Performance Comparison
- Understanding the importance of key length with the SQL Server asymmetric encryption algorithms
- Understanding the SQL Server HASHBYTES hashing algorithms
- Understanding the SQL Server Symmetric Encryption Algorithms
- Using Views to Expose Encrypted Data in SQL Server
Extended Stored Procedure
- Creating a SQL Server proxy account to run xp_cmdshell
- How do I secure a SQL Server extended stored procedure?
- Replace xp_cmdshell command line use with SQL Server Agent
File System
- Accessing the Windows File System from SQL Server
- Auditing Critical Windows Files and Folders for SQL Server
- Retaining File Information for ETL Security Analysis
Functions
Installation
Logins
- Best Practices to Secure the SQL Server sa Account
- Clone a SQL Server login and password to a new server
- Cloning a SQL Server Login with all permissions using PowerShell
- Find All Failed SQL Server Logins
- Find Embedded SQL Server Logins in Jobs, Linked Servers or SSISDB
- Getting Sysadmin Access to SQL Server When Locked Out
- Grant User Access to All SQL Server Databases
- How to Create SQL Server Logins with PowerShell
- Inventory SQL Logins on a SQL Server with PowerShell
- Map between SQL Server SIDs and Windows SIDs
- Prevent and Log Certain SQL Server Login Attempts
- Quickly Find Failed SQL Server Logins Using the Windows Event Log
Migration
Network
- Automated way to get all port information for SQL Server instances
- Configure Windows Firewall to Work with SQL Server
- Creating a Kerberos Delegation Table for SQL Server Access
- Get SQL Server SPN information for all servers using PowerShell
- Network communications mechanisms for SQL Server
- Protecting the SQL Server Backup folder
- Register a SPN for SQL Server Authentication with Kerberos
- Resource Based Kerberos Constrained Delegation
- Script to Check and Auto Generate SPNs for SQL Server
- Understanding When SQL Server Kerberos Delegation is Needed
- Using nmap to scan for SQL Servers on a network
Notifications
- Alerts and Notifications for SQL Server Login, Database User and Role Membership Changes
- Automated WMI Alerts for SQL Server Login Property Changes
- Get Alerts for Specific SQL Server Login Failed Events
Objects
Overview
- Implementing SQL Server Security with Stored Procedures and Views
- Practice of Using Privileged Accounts to Access SQL Server
Passwords
- Add a Salt with the SQL Server HASHBYTES Function
- Encrypting passwords for use with Python and SQL Server
- Generating A Password in SQL Server with T-SQL from Random Characters
- Generating a Password in T-SQL from a Table of Words
- How to configure password enforcement options for standard SQL Server logins
- How to Unlock a SQL Login Without Resetting the Password
- Identify blank and weak passwords for SQL Server logins
- Simple SQL Server Function to Generate Random 8 Character Password
- Storing passwords in SQL Server – things to know to keep the data secure
- Tracking Login Password Changes in SQL Server
- Using PowerShell to Audit for Blank SA Passwords
Permissions
- Application Database Security Design Part 2 - Multiple Levels of Access to SQL Server
- Blocking SQL Server db_datareader, db_datawriter, and db_owner Permissions
- Compare SQL permissions using SQL Server Data Tools
- Determining Permission Issues for a SQL Server Object
- Extend the REVERT statement using the WITH COOKIE clause in SQL Server
- Filtering SQL Server Columns Using Column Level Permissions
- Grant Truncate Table Permissions in SQL Server without ALTER Table
- How come I can create SQL Server objects but not access these objects
- How to Clone a SQL Server Login, Part 1 of 3
- How to Clone a SQL Server Login, Part 2 of 3
- How to Clone a SQL Server Login, Part 3 of 3
- How to use module signing for SQL Server security
- Identifying the Tie Between Logins and Users
- Implementing SQL Server Row and Cell Level Security
- Issues Determining an Individual SQL Server User's Permissions
- Retrieving SQL Server Permissions for Disaster Recovery
- SQL Server EXECUTE AS
- SQL Server nested securable permissions
- SQL Server Permissions Granted to All Users By Default
- SQL Server Permissions List for Read and Write Access for all Databases
- Understanding and dealing with orphaned users in a SQL Server database
- Understanding GRANT, DENY, and REVOKE in SQL Server
- Understanding How A User Gets Database Access in SQL Server
- Verify the databases a SQL Server login can see - and why
Personally Identifiable Information
Planning
Processes
Professional Development
- Protect Confidential SQL Server Data Q and A
- SQL Server Security Community Questions on Windows, Server Level, Database, Roles and more
Regulations
Row Level Security
Schema
- Default Schema for Windows Group in SQL Server
- Script to Set the SQL Server Database Default Schema For All Users
Scripts
- Script out SQL Server Credentials and Proxies
- Script to determine permissions in SQL Server 2005
- Script to Drop All Orphaned SQL Server Database Users
- Script to drop SQL Server login and all owned objects using PowerShell
- Script to move all objects to a new schema for SQL Server
- SQL Server security report to show sysadmins and database owners
Server
- Hiding instances of SQL Server 2005
- How to check SQL Server Authentication Mode using T SQL and SSMS
- Identify SQL Server 2005 Standard Login Settings
- Meltdown and Spectre Vulnerabilities Impact on SQL Server
- Potential Security Exploit Using CONTROL SERVER Permissions in SQL Server
- Server level permissions for SQL Server 2005 and SQL Server 2008
- Skip-2.0 Malware Impacts SQL Server - Should I Be Worried?
- SQL Servers Assessment for the Meltdown and Spectre Vulnerabilities
Server Roles
- Creating a SQL Server 2012 User Defined Server Level Role
- Identifying SQL Server logins with overlapping server roles
- SQL Server User Defined Server Roles
- Tighten SQL Server security with custom server and database roles
- Understanding SQL Server fixed server roles
Service Accounts
- How to Create Secure SQL Server Service Accounts
- How to determine service related privileges for SQL Server service account
- SQL Server Service Account Privileges
- Understanding how SQL Server handles Service Isolation
- Using Group Managed Service Accounts with SQL Server
- Using Managed Service Accounts with SQL Server
- Why System Account is a bad idea for SQL Server Service Account
System
- Enabling xp_cmdshell in SQL Server
- Extended Protection available in SQL Server 2008 R2
- Get Started with SQL Server xp_cmdshell
- How to eliminate SQL Server security issue caused by sp_replwritetovarbin
- New Security Catalog Views in SQL Server 2005 and SQL 2008
Tables
Tools
Troubleshooting
- Cannot make a role a member of itself error in SQL Server
- Correct the SQL Server Authentication Mode in the Windows Registry
- Different Ways to Find SQL Server Orphaned Users
- Get Back into SQL Server After You've Locked Yourself Out
- How to connect to SQL Server if you are completely locked out
- More on Recovering Access to a SQL Server Instance
- Recover access to a SQL Server instance
- Security issues when using aliased users in SQL Server
- SQL Server 7.0 to 2005 Security Vulnerabilities Could Allow Elevation of Login Privileges
- SQL Server errors with drop login and drop user
- SQL Server Login Failure Error 18456, Severity 14, State 10
- SQL Server Login Issue With Default Database
- Steps to Drop an Orphan SQL Server User when it owns a Schema or Role
- Suspect SQL Server 2000 Database (Part 1 of 2)
- Unable to see a SQL Server table
- Why Can't I Set a Default SQL Server Schema for My Windows Group Login?
- Windows cannot access the specified device, path or file error
View
- Filtering Columns in SQL Server Using Views
- Grant limited permissions to create SQL Server views in another schema Part 1
- Grant limited permissions to create SQL Server views in another schema Part 2
Windows