Using a digital signature as a secondary identity to replace Cross database ownership chaining

In SQL Server 2000, Cross database ownership chaining (CDOC) was a mechanism used to allow DML access to resources on different DBs without explicitly granting access to those resources (such as tables) directly. Unfortunately, CDOC is a feature that Microsoft does not recommend, as it has some serious security risks inherent…

Quick guide to DB users without logins in SQL Server 2005

SQL Server 2005 introduced a new SQL DB principal subtype that can be quite useful: a SQL user that is not mapped to any login. You may be asking yourself, “Why is this feature interesting? After all, SQL Server already had the ability to create SQL users.” Well, to answer this question I would…

How to distribute digitally signed SQL modules

Digital signatures on SQL Server 2005 modules can be used to extend the privileges of the caller for the duration of the call. This feature makes it possible to build an application that lets authorized callers access resources (such as tables, symmetric keys, etc.) that would otherwise require highly escalated privileges. While…

SQL Server 2005 – Encrypting data on existing applications

SQL Server 2005 encryption requires the application to be aware of it and to decrypt the data before it can be consumed, as well as to encrypt (and verify that the encryption call succeeded) before storing it. When you are writing new schemas and new applications you can design them with encryption in mind, but…

Link to Laurentiu’s blog

I am including a link to Laurentiu Cristofor’s blog: http://blogs.msdn.com/lcris. Laurentiu is one of the most valuable contributors in the SQL Security forums, and his articles and demos are great resources for anyone interested in SQL Server security. I would also like to add a link for a blog that unfortunately has been discontinued, but has…

Indexing encrypted data

Encrypted data and indexes. One thing I have been asked many times is how to create an index on top of encrypted data in SQL Server 2005. In SQL Server 2005 the encryption functions are nondeterministic, which means that every time a function is called, the output will be different, even if exactly the…
