Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Presentation on SQL Security
The SQL Security Team's Raul Garcia and Il- Sung Lee are presenting at 1 PM PST today on SQL...
Author: Jack Richins Date: 03/18/2010
Open positions @ SQL Server
We wanted to post and let everyone know that the Microsoft SQL Server Base and Infrastructure (SBIA)...
Author: Raul Garcia - MS Date: 02/26/2010
RSA Conference 2010
If anyone is planning to attend to the RSA Conference 2010 in San Francisco, please stop by and...
Author: Raul Garcia - MS Date: 02/26/2010
HIPAA Compliance with SQL Server 2008
Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and...
Author: Il-Sung Date: 02/24/2010
Quick security references (QSR) on Cross-Site scripting and SQL injection.
Recently the Security Development Lifecycle (SDL) team announced the release of new type of security...
Author: Raul Garcia - MS Date: 02/01/2010
Consolidation Guidance for SQL Server
Sung Hsueh, a former SQL Engine Security team member, just published a whitepaper with co-authors...
Author: Jack Richins Date: 11/24/2009
How To: Share a Single EKM Credential among Multiple Users
SQL Server Extensible Key Management (EKM) requires the authentication information (user/password)...
Author: Raul Garcia - MS Date: 10/03/2009
Filtering (obfuscating) Sensitive Text in SQL Server
A very common concern when dealing with sensitive data such as passwords is how to make sure that...
Author: Raul Garcia - MS Date: 06/11/2009
Link to Lyudmila’s blog
My teammate Lyudmila is maintaining her own TechNet blog where she writes articles related to SQL...
Author: Raul Garcia - MS Date: 06/11/2009
Arx the latest vendor to support EKM
With the increasing popularity of the EKM feature in SQL Server 2008, more vendors are adding their...
Author: Il-Sung Date: 05/12/2009
How To Choose Audit Action Group When Using Auditing in SQL Server 2008
SQL Sever 2008 introduces auditing feature which can audit both server-level events and...
Author: liyingj Date: 05/09/2009
Thales/nCipher announces EKM support for SQL Server 2008
I'm very please to announce that last week during the RSA Conference, Thales announced their support...
Author: Il-Sung Date: 04/27/2009
PCI DSS Compliance with SQL Server 2008
Since PCI Compliance seems to be popular subject for SQL Server users (by which I mean that a quite...
Author: Il-Sung Date: 04/16/2009
SQL Server EncryptByKey cryptographic message description
Since the introduction of SQL Server 2008 extensible key management (EKM), new opportunities may...
Author: Raul Garcia - MS Date: 03/30/2009
Enforce Windows Password Policy on SQL Server Logins
If users choose to use SQL login to connect to SQL Server rather than using NT authenticating, it is...
Author: liyingj Date: 03/24/2009
Interested in Compliance?
I'm pretty sure that there are many of you who have to deal with regulatory compliance but how many...
Author: Il-Sung Date: 03/13/2009
Feedback requested: Default schemas for Windows groups
We would like your feedback on the scenarios where you need to assign default schemas to Windows...
Author: Jack Richins Date: 03/09/2009
Performance of Impact of Auditing in SQL Server 2008
Il-Sung Lee and Art Rask’s whitepaper, Auditing in SQL Server 2008, just hit the web....
Author: Jack Richins Date: 02/24/2009
Auditing in SQL Server 2008 white paper
In continuation to the post by Jack back in October, we've added Auditing in SQL Server 2008 to our...
Author: Il-Sung Date: 02/23/2009
Data Protection Day, January 28th
Thought some readers of this blog might be interested in Data Protection Day, tomorrow, January 28....
Author: Jack Richins Date: 01/27/2009
About DEK rotation and log backup in Transparent Database Encryption (TDE)
Regarding the DEK rotation in TDE, after a DEK has been rotated twice, a log backup must be...
Author: liyingj Date: 01/26/2009
First HSM for SQL Server 2008 released!
Today, January 15th 2009, Safenet announced its release of Luna SA HSM support for SQL Server 2008...
Author: Zubair Ahmed Mughal - MSFT Date: 01/15/2009
Configuring SQL Audit using the Audit Dynamic Management Views
In SQL Audit we added 2 Dynamic Management Views (DMVs) for use with reporting and configuration...
Author: Jack Richins Date: 12/17/2008
How to create a SQL trace using T-SQL
Some users want to know if there is a way to monitor events on SQL server without using SQL...
Author: liyingj Date: 12/11/2008
Caregroup CIO Blogs about using Auditing
John Halamka, Harvard CIO, has blogged about the Caregroup Auditing project that was the basis for...
Author: Jack Richins Date: 12/03/2008
SQL Server 2008 Compliance Guide
Denny Lee and JC Cannon have been hard at work producing a Compliance Guide for SQL Server 2008,...
Author: Jack Richins Date: 11/18/2008
SQL Audit Buffering and Error Handling
I've had several questions about how exactly the buffering and error handling works in SQL Audit and...
Author: Jack Richins Date: 10/16/2008
SQL Server 2008 Security Whitepapers
I just wanted to call attention to a few SQL Server 2008 related security papers written or reviewed...
Author: Jack Richins Date: 10/06/2008
Accessing the calling context in modules that use EXECUTE AS
In many occasions, marking a module (i.e. SP, trigger, etc.) with execute as can be really useful as...
Author: Raul Garcia - MS Date: 08/07/2008
Microsoft ® Source Code Analyzer for SQL Injection – July 2008 CTP
Today we have released an updated Community Technology Preview of Microsoft Source Code Analyzer for...
Author: Bala Neerumalla Date: 07/11/2008
SQL Server and the Windows Server 2008 Firewall
We’ve long recommended that customers use the Windows Firewall to protect SQL Server...
Author: Shawn Hernan Date: 07/01/2008
Getting started with Microsoft ® Source Code Analyzer for SQL Injection
Two days ago, we released Microsoft ® Source Code Analyzer for SQL Injection, June 2008 CTP...
Author: Bala Neerumalla Date: 06/27/2008
Microsoft ® Source Code Analyzer for SQL Injection – June 2008 CTP
Today Microsoft has released a Community Technology Preview of a new source code analyzer that can...
Author: Bala Neerumalla Date: 06/24/2008
SQL Server 2005 Encryption – Encryption and data length limitations (feedback page)
We have received some feedback regarding the “SQL Server 2005 Encryption – Encryption...
Author: Raul Garcia - MS Date: 03/03/2008
xp_cmdshell
xp_cmdshell is essentially a mechanism to execute arbitrary calls into the system using either the...
Author: Raul Garcia - MS Date: 01/10/2008
The TRUSTWORHY bit database property in SQL Server 2005
In SQL Server 2005 we introduced a new database property named TRUSTWORTHY bit (TW bit for short) at...
Author: Raul Garcia - MS Date: 12/03/2007
OPEN SYMMETRIC KEY scope in SQL Server
Recently I have heard a few questions regarding the scope of the SYMMETRIC KEY key-ring, especially...
Author: Raul Garcia - MS Date: 11/29/2007