Get helpEkinlikler
31 Mar 23 - 2 Nis 23
En büyük SQL, Fabric ve Power BI öğrenme etkinliği. 31 Mart – 2 Nisan. 400 ABD doları tasarruf etmek için FABINSIDER kodunu kullanın.
Bugün kaydolunSecurity for SQL Server Database Engine and Azure SQL Database
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Azure Synapse Analytics
Analytics Platform System (PDW)
This page provides links to help you locate the information that you need about security and protection in the SQL Server Database Engine and Azure SQL Database.
Legend
| Feature | Link |
|---|---|
Who Authenticates?
Windows Authentication
SQL Server Authentication
Microsoft Entra ID (formerly Azure Active Directory) |
Who Authenticates? (Windows or SQL Server) Choose an Authentication Mode Connect to Azure SQL with Microsoft Entra authentication |
| Where Authenticated?
At master Database: Logins and DB Users
At User Database: Contained DB Users |
Authenticate at the master database (Logins and database users) Create a SQL Server Login Managing Databases and Logins in Azure SQL Database Create a Database User Authenticate at a user database Contained Database Users - Making Your Database Portable |
| Using Other Identities
Credentials
Execute as Another Login
Execute as Another Database User |
Credentials (Database Engine) Execute as Another Login Execute as Another Database User |
| Feature | Link |
|---|---|
| Granting, Revoking, and Denying Permissions
Securable Classes
Granular Server Permissions
Granular Database Permissions |
Permissions Hierarchy (Database Engine) Permissions Securables Getting Started with Database Engine Permissions |
| Security by Roles
Server Level Roles
Database Level Roles |
Server-Level Roles Database-Level Roles |
| Restricting Data Access to Selected Data Elements
Restrict Data Access With Views/Procedures
Row-Level Security
Dynamic Data Masking
Signed Objects |
Restrict Data Access Using Views and Procedures Row-Level Security (SQL Server) Row-Level Security (Azure SQL Database) Dynamic Data Masking (SQL Server) Dynamic Data Masking (Azure SQL Database) Signed Objects |
| Feature | Link |
|---|---|
| Encrypting Files
BitLocker Encryption (Drive Level)
NTFS Encryption (Folder Level)
Transparent Data Encryption (File Level)
Backup Encryption (File Level) |
BitLocker (Drive Level) NTFS Encryption (Folder Level) Transparent Data Encryption (File Level) Backup Encryption (File Level) |
| Encrypting Sources
Extensible Key Management Module
Keys Stored in the Azure Key Vault
Always Encrypted |
Extensible Key Management Module Keys Stored in the Azure Key Vault Always Encrypted |
| Column, Data, & Key Encryption
Encrypt by Certificate
Encrypt by Symmetric Key
Encrypt by Asymmetric Key
Encrypt by Passphrase |
Encrypt by Certificate Encrypt by Asymmetric Key Encrypt by Symmetric Key Encrypt by Passphrase Encrypt a Column of Data |
| Feature | Link |
|---|---|
Firewall Protection
Windows Firewall Settings
Azure Service Firewall Settings
Database Firewall Settings |
Configure a Windows Firewall for Database Engine Access Azure SQL Database Firewall Settings Azure Service Firewall Settings |
| Encrypting Data in Transit
Forced SSL Connections
Optional SSL Connections |
Enable Encrypted Connections to the Database Engine Enable Encrypted Connections to the Database Engine, Network security TLS 1.2 support for Microsoft SQL Server |
| Feature | Link |
|---|---|
| Automated Auditing
SQL Server Audit (Server and DB Level)
SQL Database Audit (Database Level)
Detect threats |
SQL Server Audit (Database Engine) SQL Database Auditing Get started with SQL Database Advanced Threat Protection SQL Database Vulnerability Assessment |
| Custom Audit
Triggers |
Custom Audit Implementation: Creating DDL Triggers and DML Triggers |
| Compliance
Compliance |
SQL Server: Common Criteria SQL Database: Microsoft Azure Trust Center: Compliance by Feature |
SQL injection is an attack in which malicious code is inserted into strings that are later passed to the Database Engine for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. All database systems have some risk of SQL Injection, and many of the vulnerabilities are introduced in the application that is querying the Database Engine. You can thwart SQL injection attacks by using stored procedures and parameterized commands, avoiding dynamic SQL, and restricting permissions on all users. For more information, see SQL Injection.
Additional links for application programmers:
Getting Started with Database Engine Permissions
Securing SQL Server
Principals (Database Engine)
SQL Server Certificates and Asymmetric Keys
SQL Server Encryption
Surface Area Configuration
Strong Passwords
TRUSTWORTHY Database Property
Database Engine Features and Tasks
Protecting Your SQL Server Intellectual Property
- Ideas for SQL: Have suggestions for improving SQL Server?
- Microsoft Q & A (SQL Server)
- DBA Stack Exchange (tag sql-server) - ask SQL Server questions
- Stack Overflow (tag sql-server) - also has some answers about SQL development
- Reddit - general discussion about SQL Server
- Microsoft SQL Server License Terms and Information
- Support options for business users
- Contact Microsoft
Ek kaynaklar
Eğitim
Öğrenme yolu
Veritabanı hizmeti için güvenli bir ortam uygulama - Training
Veritabanı hizmeti için güvenli bir ortam uygulama
Sertifikasyon
Microsoft Sertifikalı: Azure Veritabanı Yöneticisi Uzmanlık - Certifications
Microsoft PaaS ilişkisel veritabanı tekliflerini kullanarak bulut, şirket içi ve karma ilişkisel veritabanları için SQL Server veritabanı altyapısını yönetme.
Belgeler
-
SQL Server 2022'deki yenilikler - SQL Server
Geliştirme dilleri, veri türleri, ortamlar ve işletim sistemleri seçenekleri sunan SQL Server 2022 (16.x) için yeni özellikler hakkında bilgi edinin.
-
SQL Server sorun giderme belgeleri
Bu makalede Bilgi Bankası (KB) ve SQL Server için diğer Destek makaleleri listeleniyor.