-
Vulnerable stored procedures
Learn about security vulnerabilities in SQL Server stored procedures in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
Defending against SQL injection
Learn how to defend against SQL injection in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
SQL injection
Learn about SQL Server injection in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
How SQL Server hackers cover their tracks
Learn how a SQL Server attacker can cover their tracks in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
Time delay SQL injections
Learn about time delays in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
System-level SQL Server attacks
Learn about system-level SQL Server attacks in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
Exploiting SQL Server design flaws
Learn how attackers may exploit SQL Server design flaws in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Chapter
-
Port scanning for SQL Server services
Learn about port scanning for SQL Server services in this excerpt from "The Database Hacker's Handbook: Defending Database Servers" by David Litchfield, Chris Anley, John Heasman and Bill Grindlay. Book Excerpt
-
SQL Server Security Learning Guide
SQL Server is a popular target for Internet hackers. Make sure SQL Server is locked down from the get-go and continually hardened to prevent attacks. Learning Guide
-
SQL Server Security School: Class syllabus
Securing SQL Server is a top concern among most DBAs. In this four-part series, SQL Server security expert Chip Andrews walks you through best practices for database security. Learn more about your professor and see which lessons are coming up here. School
-
Securing SQL Server: Quick, easy, routinely ignored
A recent wave of high-profile attacks has highlighted the importance of securing SQL Server. But protecting the database application is something most companies have historically overlooked. News | 05 Dec 2011
-
Unpatched vulnerability discovered in Microsoft SQL Server
Database security vendor Sentrigo today released some detail about a flaw discovered a year ago in Microsoft SQL Server that exposes passwords stored in memory as cleartext. Microsoft is not planning to patch this flaw. Sentrigo released a free utili... Article | 02 Sep 2009
-
Blog: Protect your databases from the internal threat
Studies show that the effort to keep databases more accessible can in turn make them more vulnerable to hackers as well as those on the inside. News | 01 Sep 2009
-
Litchfield: Database security is IT's biggest problem
Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data. Article | 02 Aug 2006
-
Oracle patches 82 critical flaws
Attackers could exploit the latest Oracle vulnerabilities to access sensitive information, overwrite files or launch SQL injection attacks in numerous applications, including PeopleSoft and JD Edwards. Article | 18 Jan 2006
-
Expert: Lengthy logs not always a good thing
Regulatory compliance experts often stress the importance of detailed log keeping. But one legal expert warns too much detail can be used to stifle free speech. Article | 15 Dec 2005
-
SQL Server password policies and credentials
Learn about SQL Server password policies and credentials in this excerpt from "A First Look at SQL Server 2005 for Developers." Article | 28 Jun 2005
-
A quick review of SQL Server security concepts with enhancements
Get a quick review of SQL Server security concepts with enhancements in this excerpt from "A First Look at SQL Server 2005 for Developers." Article | 28 Jun 2005
-
Permissions, visibility, UDTs and user-defined aggregates
Learn about permissions, visibility, UDTs and user-defined aggregates in SQL Server 2005 in this excerpt from "A First Look at SQL Server 2005 for Developers." Article | 28 Jun 2005
-
Optional features are turned off by default
Find out which optional features are turned off by default in SQL Server 2005 in this excerpt from "A First Look at SQL Server 2005 for Developers." Article | 28 Jun 2005
-
Securing SQL Server data in the cloud: a few pointers
Few concerns swirling around Microsoft cloud computing are more consuming than securing SQL data in the cloud. Can it be done? Certainly, but it’s not to be taken lightly. Tip
-
For better SQL Server security, get Extended Protection
Want to ensure SQL Server security? Well, it just got a little easier. Extended Protection guards against attacks targeting the SQL Server database engine through enhanced security features in the Integrated Windows Authentication process. Tip
-
SQL Server merge replication using IIS
In older versions of SQL Server, securely replicating data between sites or companies was not easy to do. Microsoft SQL Server merge replication simplifies the process using Internet Information Services (IIS). Tip
-
Do you need to harden SQL Server 2008 R2?
Some say systems like R2 come so secure out of the box that traditional hardening need not apply. But when it comes to security, there’s still plenty to do beyond the defaults. Tip
-
Walking through the database auditing process for SQL Server 2008 R2
SQL Server 2008 R2 features powerful tools for creating database auditing policies that can be implemented using either SQL Server Management Studio or T-SQL scripts. Tip
-
Top hacker tricks to exploit SQL Server systems
Stay one step ahead of attackers by testing your SQL Server systems against some of the most common hacking techniques. Tip
-
SQL injection tools for automated testing
Manual testing for SQL injection requires a lot of effort with little guarantee that you'll find every vulnerability. Fortunately, there is a better way. Tip
-
The ultimate SQL Server security faux pas: Overlooked systems
Maintaining a secure environment means not only shoring up your highly visible systems, but also staying on top of the smaller installations that tend to slip through the cracks. Tip
-
Database encryption in SQL Server 2008: Improvements you finally need
Is TDE in SQL Server 2008 really the Holy Grail of database encryption features? Tip
-
SQL sprawl: Why is SQL Server Express installed everywhere?
Too many installations of SQL Server Express can put your data at risk – especially if admins aren't aware of where those installations live. Tip
-
Can I encrypt and restore a database backup in SQL Server 2005?
Discover the best solutions for encrypting, decrypting and restoring a database in SQL Server 2005. Ask the Expert
-
Creating a SQL Server user authentication schema
Learn how to create a SQL Server user authentication schema that meets password and tracked-data-change requirements, and how it involves Windows authentication. Ask the Expert
-
Creating a login in SQL Server 2000 Enterprise Manager
Find out how to create a SQL Server 2000 login account and then set user account rights to specific databases with "db_owner." Ask the Expert
-
SQL Server connection lost when SA password is changed
Learn why a SQL Server 2000 connection is lost on the client side when the database administrator changes the 'SA' password on the SQL Server domain. Ask the Expert
-
Could a join of encrypted SQL Server data have a problem?
Learn about problems that may arise with different data values when you encrypt SQL tables that have joins in SQL Server 2000. Ask the Expert
-
How to set SQL Server password for SA login
Learn how to set a SQL Server password for an SA login and why you cannot set this account for access to separate SQL Server databases. Ask the Expert
-
Should developers have permissions to SQL Server production queue?
Should developers be granted permissions to the production queue in a SQL Server environment? See why expert Greg Low suggests proc access by WITH EXECUTE AS. Ask the Expert
-
SQL Server id permission to create and modify tables
A SQL Server application that needs user permission to create and modify tables in SQL Server 2005 may be handled best via a schema. Ask the Expert
-
Limit SQL Server admin permissions for domain accounts
What is the best practice for using domain accounts such as those with domain admin permissions for SQL Server service accounts? Ask the Expert
-
Set SQL Server password on database in version 7.0
How can we set a password on a database in SQL Server 7.0? Ask the Expert
-
data corruption
Word
-
data hiding
Word
-
SQL Server security in virtual, physical worlds virtually the same
SQL Server security issues in virtualized environments pretty much mirror the challenges in physical environments, experts say. Standard security guidelines apply. Feature
-
SQL Azure security terrifies IT, but loss of control might be real fear
The primary obstacle to SQL Azure security is not specific security gaps, but rather DBAs' reluctance to give up control over SQL Server environments. Feature
About SQL Server Security
Protect your database and SQL Server environment with these tips and articles. Have you considered database attack vulnerabilities? SQL Server security issues discussed here include SQL injection, how to lock down SQL Server and how to meet compliance laws. Learn how to improve database security practices with software security tools for testing, code hardening and the Surface Area Configuration feature in SQL Server 2005. Understand the need for data encryption in SQL Server security and get methods to implement it. Also discussed in the topics section are SQL Server password and permissions issues. Ultimately, you'll prevent attacks from malicious hackers.