Security Information and Review

Collection of security information and review

Posts Tagged 'SQL Server Security'

Hardening MS SQL Server Security with Database Roles

Author : Admin

MS SQL Server divides its authorization architecture into statement permissions and object permissions. In MS SQL Server there are three types of permissions: GRANT, REVOKE and DENY. Statement permissions allow a user to create, alter and drop objects in the database, such as CREATE DATABASE, CREATE FUNCTION, CREATE PROCEDURE and others. Object permissions allow a user to perform operations that use the objects in the database, such as SELECT, INSERT, DELETE and others.

In MS SQL Server, each database has a set of ten built-in roles: public, db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter. … continue reading : Hardening MS SQL Server Security with Database Roles.

31 August 2009 at 23:47 - Comments

Fixed Database Roles in MS SQL Server Security

Author : Admin

The first step in securing MS SQL Server is login security. So, we will spend a lot of time ensuring unauthorized users never log into MS SQL Server successfully. The login process compares account names and passwords against the list of authorized users, so we need to prevent account names and passwords from being stolen by the wrong people.

In MS SQL Server, there are some roles that represent server administrator tasks and give us more granular control over what the administrator can do. We can classify the fixed roles in MS SQL Server as Primary Server Roles and Secondary Server Roles. … continue reading : Fixed Database Roles in MS SQL Server Security.

31 August 2009 at 21:41 - Comments

How to prevent SQL Injection Attacks

Author : Admin

This article will show a number of ways to protect a web application from SQL injection attacks. SQL injection attacks occur when an application uses input from a user that has not been checked to see that it is valid text. They take advantage of code that does not filter input entered by the user directly into a form, and of applications that take direct user input and then generate SQL commands that execute via back-end code. The place in a web application where SQL injection attacks occur most frequently is the login form that accepts a user name and password to authenticate to the system. … continue reading : How to prevent SQL Injection Attacks.

28 May 2009 at 13:16 - Comments

SQL Injection Attacks and SQL Server Security

Author : Admin

SQL injection is a technique for manipulating SQL commands that exploits a SQL Server vulnerability at the web application layer. This is a SQL Server security issue that many programmers and administrators need to consider. The vulnerability arises when a user inserts text in a form of a web application. This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into an SQL statement. For example, the login form of a web application requires a user name and password as authentication to enter the system. The user name and password fields are used to build an SQL query to the database to check whether a user name has a valid name and password. Example of SQL injection in PHP in a login form using the POST or GET method, with a table user.
… continue reading : SQL Injection Attacks and SQL Server Security.

28 May 2009 at 00:14 - Comments

Basic Microsoft SQL Server Security

Author : Admin

Every discussion about Microsoft Windows security, and other security discussions, most often begins with authentication and authorization. Authentication is the process of identifying the person / user, and authorization refers to the process of determining what that user can do. In this article, we will discuss Microsoft SQL Server (all versions of MS SQL Server) authentication and authorization.


In Microsoft SQL Server, the authentication process occurs when someone wants to make a connection to Microsoft SQL Server. A user name and password are required for someone to be able to access resources of the Microsoft SQL Server. Once the authentication process finishes, Microsoft SQL Server takes control of authorizing the user's access to objects (databases, tables, triggers and functions) and data in the system.


Microsoft SQL Server version 7.0 and up can grant permission to Basic Windows authenticated logins on their individual account or the groups of which they are members SQL Server Authenticated. Besides these rules, Microsoft SQL Server can grant permission based on the login ID or on membership in database roles, which function like Windows groups.
… continue reading : Basic Microsoft SQL Server Security.

22 May 2009 at 21:39 - Comments