SQL Server Security Blog

Public Preview Refresh of SQL Server Connector for Microsoft Azure Key Vault

For those that missed it, the Public Preview refresh download for the SQL Server Connector for...

Author: Jack Richins Date: 08/27/2015

Row-Level Security for Azure SQL Database is Generally Available

Row-Level Security (RLS) for Azure SQL Database is now generally available. RLS enables you to store...

Author: Tommy Mullaney Date: 08/19/2015

Always Encrypted Key rotation – Column master Key rotation.

Update: The syntax for column master keys has been updated. Please refer to...

Author: Raul Garcia - MS Date: 08/13/2015

Yes, You Really Can

I thought today would be a good day to remind you about Microsoft's stance on customer validation of...

Author: Jack Richins Date: 08/11/2015

Feedback request: Protecting data in SQL

We (the SQL Security product team) would like to better understand the needs and frustrations of...

Author: Tommy Mullaney Date: 07/31/2015

Encrypting Existing Data with Always Encrypted

As you have learned from our previous articles, Always Encrypted is a client-side encryption...

Author: Jakub Szymaszek Date: 07/28/2015

Optimizing RLS performance with the Query Store

In a previous post, we looked at best practices for optimizing the performance of Row-Level Security...

Author: Tommy Mullaney Date: 07/21/2015

Always Encrypted Key Metadata

Note: this article was modified on Nov 1st, 2015 to reflect syntax changes in T-SQL DDL and metadata...

Author: Jakub Szymaszek Date: 07/06/2015

Developing Web Apps using Always Encrypted

In our first post on the Always Encrypted technology, Getting Started with Always Encrypted, we...

Author: Jakub Szymaszek Date: 06/12/2015

Getting Started With Always Encrypted

Updates: The syntax for column master keys has been updated. Please refer to...

Author: Raul Garcia - MS Date: 06/04/2015

Apply Row-Level Security automatically to newly created tables

We have discussed before that applications with multi-tenant databases, including those using...

Author: Raul Garcia - MS Date: 05/22/2015

Using CLR to replace xp_cmdshell for specific tasks

As we have discussed before, xp_cmdshell is a mechanism to execute arbitrary calls into the system...

Author: Raul Garcia - MS Date: 05/20/2015

Recommendations for using Cell Level Encryption in Azure SQL Database

Update: Fixed an error on the sample code. When we introduced Transparent Data Encryption (TDE) to...

Author: Raul Garcia - MS Date: 05/12/2015

How to: Scale out multi-tenant apps using RLS and Elastic Database Tools

In response to a common customer ask, we've published guidance for developing multi-tenant...

Author: Tommy Mullaney Date: 05/07/2015

Announcing Transparent Data Encryption for Azure SQL Database

Available today, SQL Database Transparent Data Encryption (preview) protects your data and helps you...

Author: Jack Richins Date: 04/29/2015

Row-Level Security: Performance and common patterns

This post demonstrates three common patterns for implementing Row-Level Security (RLS) predicates:...

Author: Tommy Mullaney Date: 04/23/2015

Apply Row-Level Security to all tables -- helper script

Developing multi-tenant applications with Row-Level Security (RLS) just got a little easier. This...

Author: Tommy Mullaney Date: 03/30/2015

Row-Level Security: Blocking unauthorized INSERTs

Row-Level Security (RLS) for Azure SQL Database enables you to transparently filter all...

Author: Tommy Mullaney Date: 03/23/2015

Row-Level Security for Middle-Tier Apps – Using Disjunctions in the Predicate

In Building More Secure Middle-Tier Applications with Azure SQL Database using Row-Level Security,...

Author: Raul Garcia - MS Date: 03/16/2015

Updated MSDN Documentation for Azure SQL Database Row-Level Security

Row-Level Security Preview

Author: Jack Richins Date: 01/30/2015

Row-Level Security for Azure SQL Database

I'm so excited to announce that we are deploying Row-Level Security, a programmability feature to...

Author: Jack Richins Date: 01/29/2015

SQL Application Column Encryption Sample (Codeplex) available

To achieve many compliance guidelines on Azure SQL Database, the application needs to encrypt the...

Author: Raul Garcia - MS Date: 09/17/2014

Auditing in Azure SQL Database

I'm very excited to share the hard work some of my peers have been doing - Auditing in Azure SQL...

Author: Jack Richins Date: 08/05/2014

PVKConverter

I'm happy to inform you that if you were looking for a tool from Microsoft to convert PFX files to...

Author: Jack Richins Date: 10/23/2013

Filter SQL Server Audit on action_id / class_type predicate

In SQL Server 2012, Server Audit can be created with a predicate expression (refer to MSDN). This...

Author: Rinku Agarwal Date: 10/03/2012

SQL Server 2012 Best Practices Analyzer

Copied from an internal email from a PM on the team, Jakub - I’m pleased to announce that SQL...

Author: Jack Richins Date: 04/19/2012

Security Best Practice and Label Security Whitepapers

2 New Whitepapers: SQL Server 2012 Security Best Practice white paper (updated link:...

Author: Jack Richins Date: 03/06/2012

Azure Trust Services

Microsoft is working on a new Windows Azure service through SQL Azure Labs, called Trust Services....

Author: Don Pinto Date: 02/17/2012

SQL Azure Security Services

Last week, we released SQL Azure Security Services through SQL Azure Labs. In this initial version...

Author: Bala Neerumalla Date: 02/01/2012

Meet the team at SQL PASS Summit 2011

PASS Summit 2011 is coming to Seattle this week starting October 11th 2011. You'll have the...

Author: Don Pinto Date: 10/11/2011

Data Hashing in SQL Server

A common scenario in data warehousing applications is knowing what source system records to update,...

Author: Don Pinto Date: 08/26/2011

Database Engine Permission Basics

I am posting this on behalf of my colleague Rick Byham, a technical writer on the SQL Server Team....

Author: Don Pinto Date: 08/25/2011

SQL Server 2008 PCI DSS v.2.0 Whitepaper

If PCI compliance with SQL Server is a concern for you, then you'll probably want to check out the...

Author: Il-Sung Date: 07/15/2011

Integrity checks with EncryptByKey

This article is a follow up to “Prevent Tampering of Encrypted Data Using @add_authenticator...

Author: Raul Garcia - MS Date: 04/05/2011

Prevent Tampering of Encrypting Data Using add_authenticator Argument of EncryptByKey

This article is one of several articles discussing some of the best practices for encrypting data....

Author: Raul Garcia - MS Date: 02/21/2011

Revisiting the RC4 / RC4_128 Cipher

The implementation of RC4/RC4_128 in SQL Server does not salt the key and this severely weakens the...

Author: Don Pinto Date: 02/09/2011

Tips for using DB user with password

Creating DB-specific users with password on a contained DB can provide a lot of mobility for...

Author: Raul Garcia - MS Date: 01/18/2011

Contained Database Authentication in depth

To connect with contained user credentials you have to specify contained database in the connection...

Author: Lyudmila Fokina Date: 12/07/2010

Contained Database Authentication: How to control which databases are allowed to authenticate users using logon triggers

With the release of Microsoft SQL Server code-name “Denali” Community Technology Preview...

Author: Raul Garcia - MS Date: 12/06/2010

Contained Database Authentication: Monitoring and controlling contained users

Enabling contained database authentication on an instance allows db owners (and other privileged db...

Author: Lyudmila Fokina Date: 12/03/2010

Contained Database Authentication: Introduction

In Microsoft SQL Server code-name “Denali” Community Technology Preview 1 (CTP1) we...

Author: Lyudmila Fokina Date: 12/02/2010

Guest account in User Databases

Andreas Wolter recently posted yet another reason to keep guest disabled on user databases in SQL...

Author: Jack Richins Date: 09/24/2010

rand vs. crypt_gen_random

Many applications need to generate random data, and in order to help in this task they typically...

Author: Raul Garcia - MS Date: 09/09/2010

Security Checklists on TechNet Wiki

Rick Byham, our wonderful technical writer, just posted some checklists you may find useful on the...

Author: Jack Richins Date: 07/26/2010

DEK and the Log

In my previous post I talked about DEK management and how it is stored in the database. In this post...

Author: Zubair Ahmed Mughal - MSFT Date: 07/13/2010

Database Encryption Key (DEK) management

This post will talk about DEK, what it is and how it is securely stored and managed inside a...

Author: Zubair Ahmed Mughal - MSFT Date: 06/14/2010

TDE, DEK and the LOG

Transparent Database Encryption (TDE) was introduced in SQL Server 2008 to allow users to encrypt...

Author: Zubair Ahmed Mughal - MSFT Date: 06/04/2010

Blocking automated SQL injection attacks

SQL injection attacks have been on the rise in the last two years, mainly because of automated...

Author: Bala Neerumalla Date: 04/27/2010

SQL Server Authentication Troubleshooter

I am posting this article on behalf of my teammate Lyudmila. A new tool to help investigate...

Author: Raul Garcia - MS Date: 03/29/2010
