SQL Server security

The three pillars of security according to Microsoft are:

  1. Reliability
  2. Confidentiality
  3. Reliability

Most, if not all, companies keep their SQL Server behind a firewall. However, a SQL Server database can still be attacked from inside the network, so every CIO must ensure that SQL Server itself is secured.

We know that Microsoft supports two modes of authentication.

Windows Only

Only Windows accounts can access the server

Windows and SQL Server

Both Windows accounts and accounts created within SQL Server can access the server.

If you are sure that an attack is impossible, you can use Windows Only authentication. However, SQL Server 2005 has grown by leaps and bounds, and standard SQL Server logins are now more secure. This has been achieved by including password complexity and timeouts.

Tips for keeping SQL Server secure:

The following six tips can be used to keep your SQL Server secure.

  1. Encrypt and back up SQL Server files in a secure location
  2. Use Microsoft's Baseline Security Analyzer frequently
  3. Update SQL Server service packs and patches
  4. Check for weak passwords in SQL Server accounts
  5. Give access to only trusted clients
  6. Use Windows Only authentication wherever possible

Why we should not give 'sa' privileges

An account with 'sa' privileges has the ability to read, write, and mutilate all data stored in the SQL Server databases.

Why we should not give "db_owner" privileges

An account with "db_owner" privileges has the ability to drop tables, create new objects, and generally take total control of the affected database.
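Tips 4 and 6 and the 'sa' and "db_owner" warnings above can be checked with read-only T-SQL. The following is an added example, not code from the original page; it uses only built-in catalog views and functions and assumes it is run by an administrator who is allowed to read login metadata and password hashes.

```sql
-- Added example: read-only audit queries, no changes are made to the server.

-- 1. Authentication mode: 1 = Windows Only, 0 = Windows and SQL Server.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_only_auth;

-- 2. SQL Server logins where password complexity or expiration is not
--    enforced, or whose password is blank or identical to the login name.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 1 ELSE 0 END AS blank_password,
       CASE WHEN PWDCOMPARE(name, password_hash) = 1
            THEN 1 ELSE 0 END AS password_is_login_name
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
   OR PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 3. Every login in the sysadmin server role, i.e. with the same rights as 'sa'.
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 4. Members of db_owner in the current database (repeat in each database).
SELECT DB_NAME() AS database_name, m.name AS user_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';
```

Any row returned by query 2, and any unexpected name in queries 3 and 4, is a finding to review against the tips above.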

New features in SQL Server 2005 security

Surface Area Configuration

The first tool you run on installation is the SQL Server Surface Area Configuration Tool, with a link to configure services and protocols.

Default Off

To reduce unauthorized access after initial installation, a number of services have been turned off or set for manual start-up so no inadvertent access is granted.

Data and Native Encryption

SQL Server 2005 provides plenty of new features for securing the database. Database administrators can allow developers to focus on the database details, as long as the developer works within the specified constraints. SQL Server 2005 supports encryption capabilities within the database itself.

Granular Permissions

Built on the principle of least privilege, SQL Server permissions are now more granular, which restricts the scope of the rights granted.

User and Schema Separation

The standard link connecting users and the database objects they own is now dropped.
