Posts

Performance/ Management Data Warehouse Data Collector & AlwaysOn Availability Groups

This time, we are dealing with the „MDW“, short for Management Data Warehouse,( http://msdn.microsoft.com/en-us/library/bb677306.aspx), which I like to recommend as a minimal performance logging-approach. From time to time, and most recently in the context of my PASS Essential „SQL Server Analysis tools & Techniques for Performance und general Monitoring“, the question arises as to whether […]

SQL Server Database Ownership: survey results & recommendations

You may remember the survey on database ownership which I launched several months ago. In the following, I am now presenting the results and giving my official recommendation for a best practice for security in terms of database ownership. First, if you still need the script:

New Permissions in SQL Server 2014: IMPERSONATE ANY LOGIN, SELECT ALL USER SECURABLES, CONNECT ANY DATABASE and the old CONTROL SERVER

SQL Server 2014 brings altogether 5 new permissions. Two of those are on database level and only available in the Windows Azure SQL Database Edition – not in the box-version.

DISABLE and DENY LOGIN, DENY USER & Effect on Impersonation and Permissions

A short article on the effects – or missing effects – regarding the disabling & denying connect of Logins & Users on impersonation and permission. Every once in a while one can observe that Logins or Users have been denied the Connect permission or a Login has been disabled. Therefore a correct expectation and understanding […]

SQL Server Row- and Cell-Level Security – Disclosure vulnerability

It’s time for another post on security matters. And through a forum-thread on data-driven security by the means of views using the IS_MEMBER(), USER_NAME(), SUSER_SNAME() – functions, I came up with the idea of giving a short example how such constructs can easily be circumvented and the protected/hidden data become disclosed, when not being secured […]

Security-Check-Script & Survey: SQL Server Security – Database-Owners, critical Permissions and role membership

In this survey, I would like to explore in a greater radius which accounts are typically used as database owners. I will subsequently publish the cumulated results here to share them with the community together with some recommendations for hardening security. In this instance, particular server-wide permissions both of the used account as well as, […]

Where are the scripts to the session „SQL Attacked/Hacking SQL Server“ ? ;-)

Subsequent to the lectures from my “Hacking SQL Server” series “Security Session „SQL Attack..ed“ – Attack scenarios on SQL Server (“Hacking SQL Server”)” which I have already given at the SQLSaturdays Rheinland, Istanbul, at the SQLRAlly Amsterdam and at many regional groups of PASS Germany, more often than not the question arises whether I make […]

Security-Session: “SQL Server under Attack” this November @ SQL Rally Amsterdam

Alright, this is going to be the by far most active year in terms of speaking at international conferences: After 6 conferences last year, including SQL Rally Nordic, which I really liked a lot, I had to decide between SQL Rally Nordic again or SQL Rally Amsterdam or even both.

Conferences 2013: Frankfurt Database Days and a couple of “Oracle-Moments”

I usually try to announce my conference participation in advance in order to give readers a chance to possibly plan them. Due to a severe lack of time and because I jumped in spontaneously for an absent speaker only a week before the conference, I didn’t manage to give you a heads-up this time.

Sessions at the SQLCon 2011

This year, too, I am going to be present with two sessions until now at the SQL Con 2011 (26-29 September) in Mainz. Update (09/2011): I cancelled the presentation on “Reporting Services in SQL Server Denali” in favor of a topic I feel even more strongly about. (Besides, the Reporting Services themselves will hardly go […]