SQL Server Security Blog
Presentation on SQL Security
The SQL Security Team's Raul Garcia and Il-Sung Lee are presenting at 1 PM PST today on SQL...
Author: Jack Richins Date: 03/18/2010
Open positions @ SQL Server
We wanted to post and let everyone know that the Microsoft SQL Server Base and Infrastructure (SBIA)...
Author: Raul Garcia - MS Date: 02/26/2010
RSA Conference 2010
If anyone is planning to attend the RSA Conference 2010 in San Francisco, please stop by and...
Author: Raul Garcia - MS Date: 02/26/2010
HIPAA Compliance with SQL Server 2008
Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and...
Author: Il-Sung Date: 02/24/2010
Quick security references (QSR) on Cross-Site scripting and SQL injection.
Recently the Security Development Lifecycle (SDL) team announced the release of a new type of security...
Author: Raul Garcia - MS Date: 02/01/2010
Consolidation Guidance for SQL Server
Sung Hsueh, a former SQL Engine Security team member, just published a whitepaper with co-authors...
Author: Jack Richins Date: 11/24/2009
How To: Share a Single EKM Credential among Multiple Users
SQL Server Extensible Key Management (EKM) requires the authentication information (user/password)...
Author: Raul Garcia - MS Date: 10/03/2009
Filtering (obfuscating) Sensitive Text in SQL Server
A very common concern when dealing with sensitive data such as passwords is how to make sure that...
Author: Raul Garcia - MS Date: 06/11/2009
Link to Lyudmila’s blog
My teammate Lyudmila is maintaining her own TechNet blog where she writes articles related to SQL...
Author: Raul Garcia - MS Date: 06/11/2009
Arx the latest vendor to support EKM
With the increasing popularity of the EKM feature in SQL Server 2008, more vendors are adding their...
Author: Il-Sung Date: 05/12/2009
How To Choose Audit Action Group When Using Auditing in SQL Server 2008
SQL Server 2008 introduces an auditing feature which can audit both server-level events and...
Author: liyingj Date: 05/09/2009
Thales/nCipher announces EKM support for SQL Server 2008
I'm very pleased to announce that last week during the RSA Conference, Thales announced their support...
Author: Il-Sung Date: 04/27/2009
PCI DSS Compliance with SQL Server 2008
Since PCI Compliance seems to be a popular subject for SQL Server users (by which I mean that a quite...
Author: Il-Sung Date: 04/16/2009
SQL Server EncryptByKey cryptographic message description
Since the introduction of SQL Server 2008 extensible key management (EKM), new opportunities may...
Author: Raul Garcia - MS Date: 03/30/2009
Enforce Windows Password Policy on SQL Server Logins
If users choose to use a SQL login to connect to SQL Server rather than using NT authentication, it is...
Author: liyingj Date: 03/24/2009
Interested in Compliance?
I'm pretty sure that there are many of you who have to deal with regulatory compliance but how many...
Author: Il-Sung Date: 03/13/2009
Feedback requested: Default schemas for Windows groups
We would like your feedback on the scenarios where you need to assign default schemas to Windows...
Author: Jack Richins Date: 03/09/2009
Performance Impact of Auditing in SQL Server 2008
Il-Sung Lee and Art Rask’s whitepaper, Auditing in SQL Server 2008, just hit the web....
Author: Jack Richins Date: 02/24/2009
Auditing in SQL Server 2008 white paper
In continuation to the post by Jack back in October, we've added Auditing in SQL Server 2008 to our...
Author: Il-Sung Date: 02/23/2009
Data Protection Day, January 28th
Thought some readers of this blog might be interested in Data Protection Day, tomorrow, January 28....
Author: Jack Richins Date: 01/27/2009
About DEK rotation and log backup in Transparent Database Encryption (TDE)
Regarding the DEK rotation in TDE, after a DEK has been rotated twice, a log backup must be...
Author: liyingj Date: 01/26/2009
First HSM for SQL Server 2008 released!
Today, January 15th 2009, Safenet announced its release of Luna SA HSM support for SQL Server 2008...
Author: Zubair Ahmed Mughal - MSFT Date: 01/15/2009
Configuring SQL Audit using the Audit Dynamic Management Views
In SQL Audit we added 2 Dynamic Management Views (DMVs) for use with reporting and configuration...
Author: Jack Richins Date: 12/17/2008
How to create a SQL trace using T-SQL
Some users want to know if there is a way to monitor events on SQL Server without using SQL...
Author: liyingj Date: 12/11/2008
Caregroup CIO Blogs about using Auditing
John Halamka, Harvard CIO, has blogged about the Caregroup Auditing project that was the basis for...
Author: Jack Richins Date: 12/03/2008
SQL Server 2008 Compliance Guide
Denny Lee and JC Cannon have been hard at work producing a Compliance Guide for SQL Server 2008,...
Author: Jack Richins Date: 11/18/2008
SQL Audit Buffering and Error Handling
I've had several questions about how exactly the buffering and error handling works in SQL Audit and...
Author: Jack Richins Date: 10/16/2008
SQL Server 2008 Security Whitepapers
I just wanted to call attention to a few SQL Server 2008 related security papers written or reviewed...
Author: Jack Richins Date: 10/06/2008
Accessing the calling context in modules that use EXECUTE AS
On many occasions, marking a module (i.e. SP, trigger, etc.) with EXECUTE AS can be really useful as...
Author: Raul Garcia - MS Date: 08/07/2008
Microsoft® Source Code Analyzer for SQL Injection – July 2008 CTP
Today we have released an updated Community Technology Preview of Microsoft Source Code Analyzer for...
Author: Bala Neerumalla Date: 07/11/2008
SQL Server and the Windows Server 2008 Firewall
We’ve long recommended that customers use the Windows Firewall to protect SQL Server...
Author: Shawn Hernan Date: 07/01/2008
Getting started with Microsoft® Source Code Analyzer for SQL Injection
Two days ago, we released Microsoft® Source Code Analyzer for SQL Injection, June 2008 CTP...
Author: Bala Neerumalla Date: 06/27/2008
Microsoft® Source Code Analyzer for SQL Injection – June 2008 CTP
Today Microsoft has released a Community Technology Preview of a new source code analyzer that can...
Author: Bala Neerumalla Date: 06/24/2008
SQL Server 2005 Encryption – Encryption and data length limitations (feedback page)
We have received some feedback regarding the “SQL Server 2005 Encryption – Encryption...
Author: Raul Garcia - MS Date: 03/03/2008
xp_cmdshell
xp_cmdshell is essentially a mechanism to execute arbitrary calls into the system using either the...
Author: Raul Garcia - MS Date: 01/10/2008
The TRUSTWORTHY bit database property in SQL Server 2005
In SQL Server 2005 we introduced a new database property named TRUSTWORTHY bit (TW bit for short) at...
Author: Raul Garcia - MS Date: 12/03/2007
OPEN SYMMETRIC KEY scope in SQL Server
Recently I have heard a few questions regarding the scope of the SYMMETRIC KEY key-ring, especially...
Author: Raul Garcia - MS Date: 11/29/2007