Security Information and Review

Collection of security information and review

Archive for the 'SQL Server Security' Category

Critical Vulnerability in Mozilla Firefox, Belmoo and Nobel Peace Prize Site

Author : Admin

A new vulnerability has been found in Mozilla Firefox v3.5 and v3.6. It is caused by an unspecified error and can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted site. If a user visits an infected site, the malware might be installed on the user’s computer without warning. The malware is delivered and installed by way of malicious JavaScript that exploits a vulnerability in Firefox v3.5 and v3.6.

The malware (Trojan) was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection. However, the exploit code could still be live on other sites. The malicious JavaScript is identified as Exploit:JS/Belmoo and the payload as Backdoor::Win32/Belmoo.A (BKDR_NINDYA.A : Trend Micro). … continue reading : Critical Vulnerability in Mozilla Firefox, Belmoo and Nobel Peace Prize Site.

28 October 2010 at 16:26 - Comments

Hardening MS SQL Server Security with Database Roles

Author : Admin

MS SQL Server divides its authorization architecture into statement permissions and object permissions. In MS SQL Server there are three types of permissions: GRANT, REVOKE and DENY. Statement permissions allow a user to create, alter and drop objects in the database, such as CREATE DATABASE, CREATE FUNCTION, CREATE PROCEDURE and others. Object permissions allow a user to perform operations that use the objects in the database, such as SELECT, INSERT, DELETE and others.

In MS SQL Server, each database has a set of ten built-in roles: public, db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter. … continue reading : Hardening MS SQL Server Security with Database Roles.

31 August 2009 at 23:47 - Comments

Fixed Database Roles in MS SQL Server Security

Author : Admin

The first step in securing MS SQL Server is login security. So, we will spend a lot of time ensuring unauthorized users never log into MS SQL Server successfully. The login process compares account names and passwords against the list of authorized users, so we need to prevent account names and passwords from being stolen by the wrong people.

In MS SQL Server, there are some roles that represent server administrator tasks and give us more granular control over what the administrator can do. We can classify the fixed roles in MS SQL Server as Primary Server Roles and Secondary Server Roles. … continue reading : Fixed Database Roles in MS SQL Server Security.

31 August 2009 at 21:41 - Comments

Basic Microsoft SQL Server Security

Author : Admin

Every discussion of Microsoft Windows security, and of security in general, usually starts with authentication and authorization. Authentication is the process of identifying the person or user, and authorization refers to the process of determining what that user can do. In this article, we will discuss Microsoft SQL Server (all versions of MS SQL Server) authentication and authorization.

In Microsoft SQL Server, the authentication process occurs when someone wants to make a connection to Microsoft SQL Server. A user name and password are required for someone to be able to access the resources of Microsoft SQL Server. Once the authentication process finishes, Microsoft SQL Server takes control of authorizing the user’s access to objects (databases, tables, triggers and functions) and data in the system.

Microsoft SQL Server version 7.0 and up can grant permissions to Basic Windows authenticated logins on their individual accounts or the groups of which they are members SQL Server Authenticated. Besides these rules, Microsoft SQL Server can grant permissions based on the login ID or on membership in database roles, which function like Windows groups.
… continue reading : Basic Microsoft SQL Server Security.

22 May 2009 at 21:39 - Comments