TechNet Webcast: Configuring with Least Privilege in SQL Server 2008

I recently presented a TechNet Webcast on the topic “Configuring with Least Privilege in SQL Server 2008”. The topics covered in the Webcast are:- 1. Configuring SQL Server service accounts with least privilege. Service isolation is also explained. 2. Configuring accounts connecting to SQL Server from a Web application (Principals) with least privilege. 3. Running…

0

Catch the Security Flaw(s) #4

Identify as many security issues as you can with this piece of code:- 1:     [WebMethod] 2: public string GetEmpName(string empid) 3: { 4: SqlConnection con = new SqlConnection(“server=.;database=test;uid=sa;pwd=PassW2rd12”); 5: SqlCommand cmd = new SqlCommand(“select username from users where id = ” + empid, con); 6: con.Open(); 7: string empname = (string)cmd.ExecuteScalar(); 8: con.Close(); 9: return…

4

How To: Run Sql Server Agent and Sql Server Jobs with least privilege in Sql Server 2005

How to: Run Sql Server Agent service under an account which is not a member of the local administrators group 1.       Add the account under which you want to run the Sql Server agent service in the SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER group. This group is pre-configured with all the required permissions to run the service. Make sure the…

7