Tag Archives: security

Security Leaks from Websites

One of the main issues with connecting databases to the Internet is that if a hacker finds a way to get access to the database with credentials, perhaps using a well known account (*cough* sa *cough*) and a weak password, … Continue reading

Posted in Editorial | Tagged | 1 Comment

Keyboard Hardlines

A few years ago, I had a keyboard die. At the time, I needed something quickly and ended up with a Logitech wireless model that included a mouse. I’m not sure of which model, but I’ve ended up getting two … Continue reading

Posted in Editorial | Tagged | 2 Comments

Passwords Under Pressure

What should we do about passwords? They’re a thorn in the side of administrators trying to keep systems secure, but they’re also an issue for users. Not for most of our users, but certainly for some. In hospitals, or other … Continue reading

Posted in Editorial | Tagged | Leave a comment

Deploying Row Level Security with SQL Compare

Row Level Security (RLS) is a great new feature in SQL Server 2016. It’s been in Azure SQL Databases for some time, but we now have it on premise. It’s easy to setup and use, and worth taking a look … Continue reading

Posted in Blog | Tagged , , , , | Leave a comment

Security is Getting Serious

OK, if we can’t trust computer chips, what do we do? It almost feels like the security war to protect information, or at least keep it private, might be lost before our very eyes in the next decade. There’s a … Continue reading

Posted in Editorial | Tagged | Leave a comment

DevOps and Security

DevOps is a buzzword these days, and like many of the hyped concepts written about, it has a lot of meanings. There is this idea releasing software more often, using automation, having various groups talk to each other, and more, … Continue reading

Posted in Editorial | Tagged , | Leave a comment

The Penalty for a Data Breach

Many of us that work with data are somewhat insulated from the effects of a data breach. Each of us is responsible for writing software, managing the database platform, perhaps even in charge of configuring security. However, in the event … Continue reading

Posted in Editorial | Tagged | 2 Comments

Paying for Data

Would you recommend your organization pay a ransom to get the key to decrypt data that’s become encrypted on your database systems? What if the data were encrypted in backups going back two weeks? It’s an interesting question, and one … Continue reading

Posted in Editorial | Tagged , | Leave a comment

Half Baked Features

I gave a talk recently on some of the data protection features being added in SQL Server 2016, along with a few that have been available for some time. I think the talk went well, but I point out lots … Continue reading

Posted in Editorial | Tagged ,

The Proliferation of Roles

The best practice guidance for SQL Server security is to use roles for permissions, instead of granting rights to users. I’ve always followed this guidance in my career. I’ve learned that if one person needs access, sooner or later someone … Continue reading

Posted in Editorial | Tagged