SQL Server Security Blog
Public Preview Refresh of SQL Server Connector for Microsoft Azure Key Vault
For those that missed it, the Public Preview refresh download for the SQL Server Connector for...
Author: Jack Richins Date: 08/27/2015
Row-Level Security for Azure SQL Database is Generally Available
Row-Level Security (RLS) for Azure SQL Database is now generally available. RLS enables you to store...
Author: Tommy Mullaney Date: 08/19/2015
Always Encrypted Key rotation – Column master Key rotation.
Update: The syntax for column master keys have been updated. Please refer to...
Author: Raul Garcia - MS Date: 08/13/2015
Yes, You Really Can
I thought today would be a good day to remind you about Microsoft's stance on customer validation of...
Author: Jack Richins Date: 08/11/2015
Feedback request: Protecting data in SQL
We (the SQL Security product team) would like to better understand the needs and frustrations of...
Author: Tommy Mullaney Date: 07/31/2015
Encrypting Existing Data with Always Encrypted
As you have learned from our previous articles, Always Encrypted is a client-side encryption...
Author: Jakub Szymaszek Date: 07/28/2015
Optimizing RLS performance with the Query Store
In a previous post, we looked at best practices for optimizing the performance of Row-Level Security...
Author: Tommy Mullaney Date: 07/21/2015
Always Encrypted Key Metadata
Note: this article was modified on Nov 1st, 2015 to reflect syntax changes in T-SQL DDL and metadata...
Author: Jakub Szymaszek Date: 07/06/2015
Developing Web Apps using Always Encrypted
In our first post on the Always Encrypted technology, Getting Started with Always Encrypted, we...
Author: Jakub Szymaszek Date: 06/12/2015
Getting Started With Always Encrypted
Updates: The syntax for column master keys have been updated. Please refer to...
Author: Raul Garcia - MS Date: 06/04/2015
Apply Row-Level Security automatically to newly created tables
We have discussed before that applications with multi-tenant databases, including those using...
Author: Raul Garcia - MS Date: 05/22/2015
Using CLR to replace xp_cmdshell for specific tasks
As we have discussed before, xp_cmdshell is a mechanism to execute arbitrary calls into the system...
Author: Raul Garcia - MS Date: 05/20/2015
Recommendations for using Cell Level Encryption in Azure SQL Database
Update: Fixed an error on the sample code. When we introduced Transparent Data Encryption (TDE) to...
Author: Raul Garcia - MS Date: 05/12/2015
How to: Scale out multi-tenant apps using RLS and Elastic Database Tools
In response to a common customer ask, we've published guidance for developing multi-tenant...
Author: Tommy Mullaney Date: 05/07/2015
Announcing Transparent Data Encryption for Azure SQL Database
Available today, SQL Database Transparent Data Encryption (preview) protects your data and helps you...
Author: Jack Richins Date: 04/29/2015
Row-Level Security: Performance and common patterns
This post demonstrates three common patterns for implementing Row-Level Security (RLS) predicates:...
Author: Tommy Mullaney Date: 04/23/2015
Apply Row-Level Security to all tables -- helper script
Developing multi-tenant applications with Row-Level Security (RLS) just got a little easier. This...
Author: Tommy Mullaney Date: 03/30/2015
Row-Level Security: Blocking unauthorized INSERTs
Row-Level Security (RLS) for Azure SQL Database enables you to transparently filter all...
Author: Tommy Mullaney Date: 03/23/2015
Row-Level Security for Middle-Tier Apps – Using Disjunctions in the Predicate
In Building More Secure Middle-Tier Applications with Azure SQL Database using Row-Level Security,...
Author: Raul Garcia - MS Date: 03/16/2015
Updated MSDN Documentation for Azure SQL Database Row-Level Security
Row-Level Security Preview
Author: Jack Richins Date: 01/30/2015
Row-Level Security for Azure SQL Database
I'm so excited to announce that we are deploying Row-Level Security, a programmability feature to...
Author: Jack Richins Date: 01/29/2015
SQL Application Column Encryption Sample (Codeplex) available
To achieve many compliance guidelines on Azure SQL Database, the application needs to encrypt the...
Author: Raul Garcia - MS Date: 09/17/2014
Auditing in Azure SQL Database
I'm very excited to share the hard work some of my peers have been doing - Auditing in Azure SQL...
Author: Jack Richins Date: 08/05/2014
PVKConverter
I'm happy to inform you that if you were looking for a tool from Microsoft to convert PFX files to...
Author: Jack Richins Date: 10/23/2013
Filter SQL Server Audit on action_id / class_type predicate
In SQL Server 2012, Server Audit can be created with a predicate expression (refer to MSDN). This...
Author: Rinku Agarwal Date: 10/03/2012
SQL Server 2012 Best Practices Analyzer
Copied from an internal email from a PM on the team, Jakub -I’m pleased to announce that SQL...
Author: Jack Richins Date: 04/19/2012
Security Best Practice and Label Security Whitepapers
2 New Whitepapers: SQL Server 2012 Security Best Practice white paper (updated link:...
Author: Jack Richins Date: 03/06/2012
Azure Trust Services
Microsoft is working on a new Windows Azure service through SQL Azure Labs, called Trust Services....
Author: Don Pinto Date: 02/17/2012
SQL Azure Security Services
Last week, we released SQL Azure Security Services through SQL Azure Labs. In this initial version...
Author: Bala Neerumalla Date: 02/01/2012
Meet the team at SQL PASS Summit 2011
PASS Summit 2011 is coming to Seattle this week starting October 11th 2011. You'll have the...
Author: Don Pinto Date: 10/11/2011
Data Hashing in SQL Server
A common scenario in data warehousing applications is knowing what source system records to update,...
Author: Don Pinto Date: 08/26/2011
Database Engine Permission Basics
I am posting this on behalf of my colleague Rick Byham, a technical writer on the SQL Server Team....
Author: Don Pinto Date: 08/25/2011
SQL Server 2008 PCI DSS v.2.0 Whitepaper
If PCI compliance with SQL Server is a concern for you, then you'll probably want to check out the...
Author: Il-Sung Date: 07/15/2011
Integrity checks with EncryptByKey
This article is a follow up to “Prevent Tampering of Encrypted Data Using @add_authenticator...
Author: Raul Garcia - MS Date: 04/05/2011
Prevent Tampering of Encrypting Data Using add_authenticator Argument of EncryptByKey
This article is one of several articles discussing some of the best practices for encrypting data....
Author: Raul Garcia - MS Date: 02/21/2011
Revisiting the RC4 / RC4_128 Cipher
The implementation of RC4/RC4_128 in SQL Server does not salt the key and this severely weakens the...
Author: Don Pinto Date: 02/09/2011
Tips for using DB user with password
Creating DB-specific users with password on a contained DB can provide a lot of mobility for...
Author: Raul Garcia - MS Date: 01/18/2011
Contained Database Authentication in depth
To connect with contained user credentials you have to specify contained database in the connection...
Author: Lyudmila Fokina Date: 12/07/2010
Contained Database Authentication: How to control which databases are allowed to authenticate users using logon triggers
With the release of Microsoft SQL Server code-name “Denali” Community Technology Preview...
Author: Raul Garcia - MS Date: 12/06/2010
Contained Database Authentication: Monitoring and controlling contained users
Enabling contained database authentication on an instance allows db owners (and other privileged db...
Author: Lyudmila Fokina Date: 12/03/2010
Contained Database Authentication: Introduction
In Microsoft SQL Server code-name “Denali” Community Technology Preview 1 (CTP1) we...
Author: Lyudmila Fokina Date: 12/02/2010
Guest account in User Databases
Andreas Wolter recently posted yet another reason to keep guest disabled on user databases in SQL...
Author: Jack Richins Date: 09/24/2010
rand vs. crypt_gen_random
Many applications need to generate random data, and in order to help in this task they typically...
Author: Raul Garcia - MS Date: 09/09/2010
Security Checklists on TechNet Wiki
Rick Byham, our wonderful technical writer, just posted some checklists you may find useful on the...
Author: Jack Richins Date: 07/26/2010
DEK and the Log
In my previous post I talked about DEK management and how it is stored in the database. In this post...
Author: Zubair Ahmed Mughal - MSFT Date: 07/13/2010
Database Encryption Key (DEK) management
This post will talk about DEK, what it is and how it is securely stored and managed inside a...
Author: Zubair Ahmed Mughal - MSFT Date: 06/14/2010
TDE, DEK and the LOG
Transparent Database Encryption (TDE) was introduced in SQL Server 2008 to allow users to encrypt...
Author: Zubair Ahmed Mughal - MSFT Date: 06/04/2010
Blocking automated SQL injection attacks
SQL injection attacks have been on the rise in the last two years, mainly because of automated...
Author: Bala Neerumalla Date: 04/27/2010
SQL Server Authentication Troubleshooter
I am posting this article on behalf of my teammate Lyudmila. A new tool to help investigate...
Author: Raul Garcia - MS Date: 03/29/2010