Intruding into Dummy Websites

Phil Factor muses on security, bayonets, and databases, and somehow manages to pull it all together in this editorial.

Why I Say Something about Running as Administrator

On a couple of recent webcasts, I pointed out the folks were running with the local Administrator account. To start this out, I'm not a big fan of security by obfuscation. Security by obfuscation (not code obfuscation, but security by obscurity, if...

Automate collection and saving of failed logins for SQL Server

I re-cycle my SQL Server log every night using sp_cycle_errorlog. However, before I do, I would like to capture all of the failed logins recorded. I have auditing turned on for failed logins, but I want to make sure that I capture those events into a table so I can report on. How can I do this?

Dead Data

What happens to the data of a company if it goes out of business? Steve Jones has a little experience and says it might not be as simple as you think.

Dead Data

What happens to the data of a company if it goes out of business? Steve Jones has a little experience and says it might not be as simple as you think.

Dead Data

What happens to the data of a company if it goes out of business? Steve Jones has a little experience and says it might not be as simple as you think.

Dead Data

What happens to the data of a company if it goes out of business? Steve Jones has a little experience and says it might not be as simple as you think.

SQL Server 2008 Administration

Questions about maintaining, configuring, or upgrading an instance to SQL Server 2008./

MD2

SQL Injection - Why I Don't Think Parameterization is Enough

One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...