Conducting a SQL Server Operational Audit

Auditing, analyzing and documenting your SQL Server installation is becoming more important all the time, especially as more and more attention is being paid to the security of your environment. Chad Miller brings us a look at a framework and a sample document you can use in your environment to conduct an audit.

You are setting up replication in SQL Server...

You are working with SQL Server 2005 and...

Hacker's-eye view of SQL Server

If a hacker sets sights on your SQL Server, there are four primary methods he can use to take control and carry out unauthorized, malicious activity. I will look at each of these: Password compromise, Account compromise, SQL injection, Buffer overflows

Updated SQL Injection

SQL injection has been a hot topic the last couple years and there are some great articles at SQLServerCentral.com on this topic. Michael Coles brings us an updated look at this SQL Server security issue with some new examples you might not have previously thought.

Under which account does the SQL Server 2005...

Free Encryption

Free SQL Server 2000 Encryption for your data!!! Author Michael Coles has put together a tolljit and some XPs that you can use to encrypt your data with the Blowfish algorithm. It is hard to write good applications that encrpyt data and manage the keys and security. This will give you a great headstart on protecting your data.

Easy Auditing a Shared Account

Despite the major advances made with Profiler in SQL Server 2005, auditing changes isn't one of the strengths of the product. New author Sergey Pustovit brings us his technique that allows auditing of actions using shared accounts from an application. A few minor code changes, but overall this is a very interesting idea.

You are working with SQL Server 2005 and...

RE: Replication error when using IP address

Hi SRB,I don't know if a push subscription would have the same error because the publisher does not know the address of the subscriber, as the ip address may constantly change etc. Plus the nature of the system is such that only a pull subscription is feasible.I would assume it would have the same error […]