Sensitive Data Must Be Encrypted
The title of this post pretty much says it all. If you store sensitive data in a database you have to work under the assumption that someone is going to try and break into the system and steal that...
Second Edition of Securing SQL Server no longer available for pre-order....
In case you missed the blog post over on securingsqlserver.com, I wanted to repost it here… I’m afraid that I’ve got some bad news. You can no longer pre-order Securing SQL Server 2nd Edition from...
Old Web Based Applications Need To Be Removed
What happens to most obsolete web based applications at most companies? They sit idle on a web server for months, sometimes years. Why is this a problem? Because many of these old applications can be...
Encrypting data in the same column
I wrote a little while ago about the fact that sensitive data needs to be encrypted within the database for all applications. This is the first technique that is available to you to encrypt data in a...
Cross Database Chaining
Cross database chaining in SQL Server is actually a fairly old feature, first introduced in SQL Server 2000 SP3. However this feature isn’t often understood mostly because it isn’t often used....
When Designing Logon Systems, Pay More Attention To Password Questions.
In recent months the Internet has started to wake up to security just a little bit more, and probably forgotten all about it as well (read this, this, this and this if you need a refresher). The big...
Two Factor Authentication Shouldn’t Depend on One Factor
Bank of America has decided to implement two factor authentication on their website when doing specific things like adding a remote account to transfer money to, or when doing a wire transfer...
Encryption and Compression
We have a variety of options when it comes to compression and encryption in SQL Server. When using both compression and encryption you have to understand how each of these works and when they will work...
Changing your Password on Windows 2012 via RDP
I ran into a problem at a client recently that I’m shocked that I haven’t run across before. I couldn’t figure out how to change my domain password when connected to their servers via remote desktop....
Log Shipping Databases and Permissions Problems
Recently I was doing log shipping for a client in preparation to move their databases from one data center to another, when I was asked to change the drive that one of the target databases was being...