As it has almost become a habit by now for me, I will be touring Asia this summer. This year not only Asia, but for the first time also Australia. (There, however, is winter, which sometimes leads to funny confusion in agreements until you get used to this.) 1st stop: Singapore – Azure SQL Database […]
Introduction: With the upcoming implementation of the European General Data Protection Regulation (GDPR) in May 2018, having a security concept in place is essentially required by law. Microsoft SQL Server, just like other database systems, carries the main asset to protect: the data itself. Therefore, it is time for an article from a more strategic […]
It’s time for another post on security matters. And through a forum thread on data-driven security by means of views using the IS_MEMBER(), USER_NAME() and SUSER_SNAME() functions, I came up with the idea of giving a short example of how such constructs can easily be circumvented and the protected/hidden data become disclosed, when not being secured […]
In this survey, I would like to explore in a greater radius which accounts are typically used as database owners. I will subsequently publish the cumulated results here to share them with the community together with some recommendations for hardening security. In this instance, particular server-wide permissions both of the used account as well as, […]
Subsequent to the lectures from my “Hacking SQL Server” series “Security Session „SQL Attack..ed“ – Attack scenarios on SQL Server (“Hacking SQL Server”)” which I have already given at the SQLSaturdays Rheinland, Istanbul, at the SQL Rally Amsterdam and at many regional groups of PASS Germany, more often than not the question arises whether I make […]
Alright, this is going to be the by far most active year in terms of speaking at international conferences: After 6 conferences last year, including SQL Rally Nordic, which I really liked a lot, I had to decide between SQL Rally Nordic again or SQL Rally Amsterdam or even both.
I usually try to announce my conference participation in advance in order to give readers a chance to possibly plan them. Due to a severe lack of time and because I jumped in spontaneously for an absent speaker only a week before the conference, I didn’t manage to give you a heads-up this time.
This year, too, I am going to be present with two sessions until now at the SQL Con 2011 (26-29 September) in Mainz. Update (09/2011): I cancelled the presentation on “Reporting Services in SQL Server Denali” in favor of a topic I feel even more strongly about. (Besides, the Reporting Services themselves will hardly go […]
Almost a year ago I discovered an issue with SQL Server (all versions from 2005 to 2008 R2; I haven’t tested 2000) regarding the usage of the guest account and impersonation. It was also presented by Ralf Dietrich and me at the SQL Server PASS Summit 2009 in Seattle, where we informed Microsoft about it. – Thanks […]