SQL Server undocumented password hashing builtins: pwdcompare and pwdencrypt

First, I must say that I don’t know why these exist in an undocumented form. They have been around for a long time and a search on their names gets me back pages of hits. Being undocumented means that their actual implementation may change slightly from one version of SQL Server to another, mainly because the…

1

Basic SQL Server Security concepts: SIDs, orphaned users, and loginless users

I am grouping here two topics (orphaned users and loginless users) that are actually very different, but I have often seen confusion between them, so I am covering them together in an attempt to dispel that confusion. In a previous discussion of logins and users, I pointed out that the way a login gets mapped to users…

0

SQL Server 2005: A note about the use of certificates

To avoid any confusion, this post is not about the use of certificates for securing the communication between a client machine and the server; instead, this refers to the use of certificates created via the CREATE CERTIFICATE DDL. I am prompted in writing this post by a recent question I just saw, which I know I answered many…

5

SQL Server 2008: Transparent data encryption feature – a quick overview

I have kept silent on this feature while it was being developed, but as it has now been publicly advertised in various ways (being mentioned here, here, here, and here, for example), I think it is probably time to write a bit about it. Given that my posts so far have covered SQL Server 2005, I’ll point…

4