Running SSMS after AD account is disabled

Why Use the Principle of Least Privilege?

SQL Injection isn't special code. It consists of regular, valid T-SQL that is unexpected by the application. Steve Jones notes that using the principle of least privilege can help to limit the damage from SQL Injection if the application fails to properly check input.

SQL Injection Everywhere

Steve Jones talks about the possibility of SQL Injection, or other security issues from malformed input, affecting our lives in new and annoying ways.

Smart Energy Doesn't Seem So Smart

Quite a few utility companies and energy producers have ha data breeches in the last year, yet most of them don't have good tools to detect the intrusions or the support of executive management. Steve Jones talks about this being a problem in many companies.

Discuss content posted by Partha Pal

Discussions about content posted by Partha Pal

Security Audit Db_DataReader

Uses sp_MsForEachDb, locates members in db_datareader with permissions other than Select and Connect.

Hacking Data

A new series of attacks were proven recently using music files to attach embedded systems in cars. Could this be another attack vector that we need to worry about?

DBA Concerns

A survey of Oracle DBAs shows them having a number of security concerns. Steve Jones thinks that a survey of SQL Server DBAs would be similar.

Hiding System Objects in Object Explorer in SQL Server Management Studio

While looking through the new features and improvements in SQL Server Management Studio (SSMS) we found a potentially interesting one to Hide System Objects in Object Explorer in SQL Server Management Studio. In this tip we will take a look at how to Hide System Objects in Object Explorer.

Slow Fixes

Today we have an editorial reprinted from Jan 15, 2006 as Steve is on vacation. This one talks about the patching process at Microsoft, and why it sometimes is slower than we might like.