SQL Server Security team is starting a new blog

First of all, I am really sorry for not writing anything for quite a long time. The SQL Server Security team is starting a new blog: SqlSecurity. Starting today I will be writing all the new SQL Server articles in the new SQL Server Security blog, and I am keeping this blog for…

1

Link to MSDN forum discussion: "Yet another question on Application security…. "

I am adding a link to one of the MSDN SQL Server Security forum discussions regarding application security (i.e. restricting access to database resources based on the application): Yet another question on Application security…. Please feel free to post any additional questions or feedback either on the forum or on this space. …

2

Disaster Recovery: What to do when the SA account password is lost in SQL Server 2005

You may have faced the issue of losing the SQL Server SA password. Perhaps you followed the security best-practice of removing the builtin\Administrators from the sysadmin server role, and no one you can find is in the sysadmin role. At this point you may think that your only options are to reinstall SQL Server and…

19

Dynamic SQL and digital signatures in SQL Server 2005

As I already mentioned, dynamic SQL is quite powerful, but also quite dangerous. In SQL Server 2005 we introduced a new feature that is also quite powerful and when used properly can be quite useful; but it is important to learn and understand any such feature in order to use it properly. In…

5

After a long delay, I am ready to start posting again

I know it has been quite some time since I added any new content. I sincerely apologize for that, but I have the next article ready and I will be posting it quite soon. Please let me know if there is any topic you would like to discuss in more detail for…

0

Dynamic SQL & SQL injection

I know there are a lot of papers that talk about dynamic SQL in more depth than what I am going to cover, but as SQL injection is still one of the biggest security problems in the relational database world, I decided to include this part as a quick (and hopefully helpful) reminder. …

10

Let’s talk about Dynamic SQL (preamble)

I want to talk about how dynamic SQL is affected by the execution context, but as this is a huge and broad topic I am going to divide this topic into multiple parts and write different posts for each one of them, focusing on one aspect of dynamic SQL at a time. Dynamic SQL…

1