The SQL Rally (#sqlrally) voting has started, and I’ve got a session up for...
The SQL PASS organization has taken a different approach to session selection for the SQL Rally than they normally do for the annual summit. Instead of a full program committee which selects sessions...
I’ll be at SQL PASS 2012, will you?
It appears that I’ve been selected to give a couple of presentations at the premier Microsoft SQL Server conference again this year. At the 2012 SQL PASS Summit in Seattle, WA this year I’ll be...
Security Sessions at SQL PASS 2012
The SQL PASS session list for the SQL PASS 2012 Summit has been released. This year there are 192 sessions being presented at the SQL PASS summit. Last year at the 2011 summit there were only a...
Why is SQL Injection still a problem?
SQL Injection is probably the most popular attack vector for hackers when they attempt to break into databases. The reason for this is that it is so easy for an attacker to gain access to the system,...
Sensitive Data Must Be Encrypted
The title of this post pretty much says it all. If you store sensitive data in a database you have to work under the assumption that someone is going to try and break into the system and steal that...
Second Edition of Securing SQL Server no longer available for pre-order....
In case you missed the blog post over on securingsqlserver.com, I wanted to repost it here… I’m afraid that I’ve got some bad news. You can no longer pre-order Securing SQL Server 2nd Edition from...
Old Web Based Applications Need To Be Removed
What happens to most obsolete web based applications at most companies? They sit idle on a web server for months, sometimes years. Why is this a problem? Because many of these old applications can be...
Encrypting data in the same column
I wrote a little while ago about the fact that sensitive data needs to be encrypted within the database for all applications. This is the first technique that is available to you to encrypt data in a...
Cross Database Chaining
Cross database chaining in SQL Server is actually a fairly old feature, first introduced in SQL Server 2000 SP3. However this feature isn’t often understood mostly because it isn’t often used....
When Designing Logon Systems, Pay More Attention To Password Questions.
In recent months the Internet has started to wake up to security just a little bit more, and probably forgotten all about it as well (read this, this, this and this if you need a refresher). The big...
Two Factor Authentication Shouldn’t Depend on One Factor
Bank of America has decided to implement two factor authentication on their website when doing specific things like adding a remote account to transfer money to, or when doing a wire transfer...
Encryption and Compression
We have a variety of options when it comes to compression and encryption in SQL Server. When using both compression and encryption you have to understand how each of these works and when they will work...
Changing your Password on Windows 2012 via RDP
I ran into a problem at a client recently that I’m shocked that I haven’t run across before. I couldn’t figure out how to change my domain password when connected to their servers via remote desktop....
Log Shipping Databases and Permissions Problems
Recently I was doing log shipping for a client in preparation to move their databases from one data center to another, when I was asked to change the drive that one of the target databases was being...