Slammer, Alive…Barely

By now you must have heard of the SQL Slammer worm.  It was quite an infectious little nuisance.  The harm it caused was largely due to unpatched, unprotected SQL Servers.

A Trio of Functions

I found myself perusing an execution plan the other day.  I know, big surprise there.  This execution plan showed me some interesting things I had never really paid much attention to in the past.  When […]

Public Role and Security

A good rule of thumb with the public role is to leave it be.  Do not add permissions to this role.  Add permissions on a per-database and per-group-of-users basis.  Create roles within the database and grant permissions to those roles – in each database.  And remember the rule of least privilege – don’t grant more permissions to a user/role than necessary to perform the job function.  Just the same as in an airport – everybody has their role and it is strictly defined.  If the user need not have access – then don’t grant the permissions.

Stored Procedures – Common Security Practice

In SQL Server a good practice is to access the data via calls through stored procedures.  Have a look at the document available in that link. To further this practice, one may create a database […]

Column Level Permissions

Did you know that you can grant permissions down to the column level in SQL Server?   Well, if you didn’t know that – you do now. It is actually rather simple to grant permissions […]

T-SQL Tuesday #17 – APPLY Knowledge

We have another opportunity to write as a part of TSQL Tuesday today.  This month Matt Velic (Blog | Twitter).  Matt has proposed a challenge that was derived from a comment on twitter.  The challenge […]

SSIS Job Ownership

I was strolling along one day when I saw somebody asking how to find out who owns a maintenance plan.  That evolved into finding out who owns the job associated with the maintenance plan. […]

SQL Server Role Membership

How well do you know the security in your SQL instances?  Do you know who has sysadmin level permissions?  SQL Server provides a few methods for you to find out who is a member of […]

IP and Default Trace…T-SQL Tuesday #005

When it is necessary to provide reports on activity occurring on the server, it pays to do a little prep work. Be Prepared. It is not an easy task to be able to go back in time and report on data that isn’t captured. The little prep work that one may need to do is well worth the effort in the end.