Filtering (obfuscating) Sensitive Text in SQL Server

  A very common concern when dealing with sensitive data such as passwords is how to make sure that such data is not exposed through traces. SQL Server can detect and filter the SQL statements in traces that include the usage of DDL and built-ins (such as OPEN SYMMETRIC KEY, and EncryptByKey) that are known… Read more

Link to Lyudmila’s blog

  My teammate Lyudmila is maintaining her own TechNet blog where she writes articles related to SQL Server security. You can access her blog at Her blog is written in Russian, but the samples she includes should be easy to follow, and you can use an online translation tool for the rest of the text.  … Read more

Accessing the calling context in modules that use EXECUTE AS

  In many occasions, marking a module (i.e. SP, trigger, etc.) with execute as can be really useful as it allows a controlled impersonation during the module execution; but at the same time there are many cases that it is necessary to access information using the caller’s execution context (i.e. revert to the default behavior),… Read more

SQL Server and the Windows Server 2008 Firewall

We’ve long recommended that customers use the Windows Firewall to protect SQL Server installations. Starting with Windows XP/SP2, and continuing with Windows Vista, the firewall has been enabled by default on Windows client operating systems. Windows Server 2008 marks the first time this protection has been extended to a Windows Server OS. For those of… Read more

SQL Server 2005 Encryption – Encryption and data length limitations (feedback page)

  We have received some feedback regarding the “SQL Server 2005 Encryption – Encryption and data length limitations” article, but unfortunately the owner of this blog is no longer a member of our team and we really don’t have access to it in order to answer to your feedback properly.     I would like… Read more

The TRUSTWORHY bit database property in SQL Server 2005

  In SQL Server 2005 we introduced a new database property named TRUSTWORTHY bit (TW bit for short) at the database level in order to work as a safeguard to reduce the default surface area regarding some powerful new features: EXECUTE AS USER and CLR assemblies. These new features are really powerful, but without the… Read more