SearchSQLServer.com

• Home
• Topics
• Microsoft SQL Server Administration
• SQL Server Security
• Basic SQL Server security resources

in one place. Obviously this advice is coming from an MS-centric perspective, which suggests that to get secure is to upgrade to SQL Server 2005, which ships by default in a heavily locked-down configuration. If this isn't practical, it does provide advice for how to keep earlier versions secure.

SQL Security is a great third-party "one-stop-shop" for generic security advice as well, with details about best practices and auditing tools.

Malware applications

SQL-specific malware, like the Slammer worm, are crafted to exploit buffer overflows in SQL Server and allow someone else's code to run (with predictably bad consequences). Net-security.org maintains a list of all SQL worms currently in the wild, along with fixes and detailed briefings about how they work.

Passwords and user accounts

Passwords and accounts must be set up and handled with care to prevent outsiders from gaining access, even if only inadvertently. An article on the SQL Server security model at Developer.com has good advice about how to use SQL Server's native features to prevent user-account-based attacks.

SQL injection

This is one of the sneakiest methods to subvert SQL Server. SQL injection involves submitting malformed data to SQL Server, typically through a Web form, which can be executed as a command. (For instance, SQL injection attacks have been used to subvert the popular phpBB bulleting-board forum software. Even though phpBB uses MySQL, the principles are the same.) The SQL Security site explains how SQL injections work and how to avoid them, including testing tips.

Data protection

Encrypting data and procedures to keep out prying eyes is a new but rapidly-growing field for SQL Server. The full scope of in-database encryption and protection probably deserves its own piece, but SQL Server 2005 now has it as a standard feature to encrypt data and third-party products like SQL Shield offer it for earlier versions of SQL Server.

---

More information from SearchSQLServer.com:

• Tip: Top 10 security enhancements in SQL Server 2005
• Tip: Not upgrading? Keep SQL Server 2000 secure
• Topics: Research best practices for locking down SQL Server

---

 

More from Related TechTarget Sites

• Business Analytics
• Data Center
• Data Management
• Data Management UK
• Oracle
• Content Management
• Windows Server

• Business Analytics

  • Analytics in the cloud drives culture and pricing changes

    One company's pursuit of low-cost cloud computing had a surprising impact on how it sold analytics services.

  • Geospatial data could transform the way government does business

    With the help of geospatial data and visualization techniques, government can make decisions for constituents that are smarter and have more impact.

  • Mobile BI apps move up the corporate priority list

    The growing use of tablet PCs and smartphones is spurring demand for mobile business intelligence capabilities from end users. Are you ready?

• Data Center

  • An in-depth look at IBM's transactional memory support facility

    IBM's zEC12 mainframe introduced support for transactional memory. Learn the basics of Transaction Execution Facility.

  • Introducing the software-defined data center

    The software-defined data center is here to stay, but what does that mean for IT pros?

  • Five examples of doublespeak from cutting edge technology vendors

    The terms used by vendors to describe cutting edge technology are often colorful. Here are five examples and the truth behind the tech.

• Data Management

  • Effective 'big data' strategy helps advertising firm attract clients

    Online advertising company adMarketplace uses a mix of NoSQL and SQL databases in a "big data" environment that feeds its search syndication system.

  • IBM executives, customers share 'big data' tips at Information on Demand

    An IBM VP and a user from Sprint took to the stage at the vendor's Information on Demand conference to offer advice on how to make sense of big data.

  • Zornes connects the dots between big data and master data management

    Consultant Aaron Zornes believes that MDM and big data were made for one another.

• DataManagement UK

  • Big data roundtable webcast: gaining value from big data

    Roundtable discussion on business value of big data, chaired by Brian McKenna, Editor, SearchDataManagementUK, and featuring Mike Ferguson, Roxane Edjlali (Gartner), Joshua LeCure (GlaxoSmithKline).

  • 2012 training courses: BI, data management, data warehousing

    Find out where to hone your business intelligence, data management and data warehouse skills with this list of training courses for 2012.

  • Poor data quality: what is dirty data costing UK organisations?

    Poor data quality can have serious financial consequences for businesses. Read about the current state of data quality management at UK companies, including dirty data problems.

• Oracle

  • Using SQL SELECT and SQL UNION ALL statements to sort numbers

    Expert Dan Clamage explains how to use SQL SELECT and SQL UNION ALL statements to sort and visualize a set of sales figures.

  • Oracle Solaris 11.1 update focuses on database integration, cloud

    The Oracle Solaris 11.1 operating system update is keyed in on integration with Oracle Database and cloud computing features.

  • Oracle E-Business Suite R12 upgrade aided by checklists

    A pre- and post-upgrade checklist will go a long way toward ensuring a successful Oracle E-Business Suite R12 upgrade.

• Content Management

  • Successful social collaboration efforts have common key facets

    Three examples of companies that have taken different routes to implementing enterprise social collaboration demonstrate that they share similarities that might explain their success.

  • Personal privacy an issue in enterprise social plans at multinationals

    Different cultures view personal privacy matters differently. Multinationals wanting improved collaboration must plan enterprise social networks adoption carefully.

  • Three questions bring focus to document imaging, management planning

    Asking three questions about organizational needs helps map out an effective document management and imaging process, says IT consultant Steve Weissman.

• Windows Server

  • FAQ: troubleshooting common errors in Microsoft PowerShell

    In this FAQ, we have our resident PowerShell expert answer some common questions to help admins troubleshoot errors in this scripting language.

  • Shared-nothing live migration increases high availability

    Admins have the option to get shared-nothing live migration. Here's what you need to know about the move, including tradeoffs you should be aware of.

  • Microsoft signals 'Cloud OS' ambitions with Windows Server 2012

    With Windows Server 2012 out, Microsoft solidified its position as a cloud-oriented company. Experts wonder if the move will resonate with customers.

• About Us
• Contact Us
• Site Index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget Corporate site
• Reprints
• Site map