Home > IT Blogs > SQL Server with Mr. Denny/

SQL Server with Mr. Denny:

Data Security

12
May 5, 2013  2:38 PM

Two Factor Authentication Shouldn’t Depend on One Factor



Posted by: Denny Cherry
Bank of America, Data Security, Security, Social Commentary, SQL, SQL Server, Technology, Two Factor Authentication

Bank of America has decided to implement two factor authentication on their website when doing specific things like adding a remote account to transfer money to, or when doing a wire transfer (basically anything where money is going to leave the account). So far...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

February 6, 2013  2:00 PM

When Designing Logon Systems, Pay More Attention To Password Questions.



Posted by: Denny Cherry
Data Loss, Data Security, Database Design, Database security, Identity theft, Laws, Lawyers, Lesson Learned, Mayhem, Phishing, Security, Social Commentary, SQL Server

In recent months the Internet has started to wake up to security just a little bit more, and probably forgotten all about it as well (read this,

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

December 26, 2012  2:00 PM

Cross Database Chaining



Posted by: Denny Cherry
Data Security, Database, Database security, Security, SQL Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012

Cross database chaining in SQL Server is actually a fairly old feature, first introduced in SQL Server 2000 SP3.  However this feature isn't often understood mostly because it isn't often used. Database chaining is when permissions cascade from one object to another because they are used by the...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 10, 2012  9:00 AM

Encrypting data in the same column



Posted by: Denny Cherry
Data Encryption, Data Loss, Data Security, Data Types, Database, Database Administration, Database Design, Database security, Encryption, Identity theft, Security, SQL, SQL Server, SQL Server stored procedures, Stored Procedures, T/SQL, Tables

I wrote a little while ago about the fact that sensitive data needs to be encrypted within the database for all applications.  This is the first technique that is available to you to encrypt data...

  Bookmark and Share     1 Comment     RSS Feed     Email a friend

August 15, 2012  2:00 PM

Old Web Based Applications Need To Be Removed



Posted by: Denny Cherry
Data Loss, Data Security, Database, Database Administration, SELECT statement, SQL Injection, SQL Server, Stored Procedures

What happens to most obsolete web based applications at most companies?  They sit idle on a web server for months, sometimes years.  Why is this a problem? Because many of these old applications can be easily exploited via SQL Injection allowing access into the SQL Server databases which they...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

August 9, 2012  2:00 PM

Second Edition of Securing SQL Server now longer available for pre-order. It’s Shipping! (repost)



Posted by: Denny Cherry
AlwaysOn, Availability Groups, Azure, Data Loss, Data Security, Database Administration, Database security, Microsoft Windows, Security, SQL, SQL Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012, Storage

In case you missed the blog post over on securingsqlserver.com, I wanted to repost it here... I'm afraid that I've got some bad news.  You can no longer pre-order

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

August 2, 2012  4:00 PM

Sensitive Data Must Be Encrypted



Posted by: Denny Cherry
Data Encryption, Data Loss, Data Security, Database Administration, Database Design, Database security, Encryption, Exploit, Hashing, Security, SQL, SQL Server

The title of this post pretty much says it all.  If you store sensitive data in a database you have to work under the assumption that someone is going to try and break into the system and steal that data.  Thinking otherwise simply isn’t responsible as the developer and/or administrator of the...

  Bookmark and Share     1 Comment     RSS Feed     Email a friend

July 30, 2012  4:00 PM

Why is SQL Injection still a problem?



Posted by: Denny Cherry
Data Loss, Data Security, Database Administration, Database security, Exploit, Security, SQL, SQL Server

SQL Injection is probably the most popular attack vector for hackers when they attempt to break into databases.  The reason for this is that it is so easy for an attacker to gain access to the system, and typically to get pretty high level permissions to a database engine so that they can then...

  Bookmark and Share     1 Comment     RSS Feed     Email a friend

July 26, 2012  2:00 PM

Security Sessions at SQL PASS 2012



Posted by: Denny Cherry
Data Encryption, Data Loss, Data Security, Database, Database Administration, Database Design, Database security, Encryption, Security, SQL Injection, SQL PASS, SQL PASS 2012, SQL Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012

The SQL PASS session list for the SQL PASS 2012 Summit has been released.  This year there are 192 sessions being presented at the SQL PASS summit.  Last year at the 2011 summit there were only a couple of sessions...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

June 19, 2012  2:00 PM

I’ll be at SQL PASS 2012, will you?



Posted by: Denny Cherry
AlwaysOn, Availability Groups, Data Security, Database security, In Person Events, SQL PASS, SQL PASS 2012, SQL Server

It appears that I've been selected to give a couple of presentations at the premier Microsoft SQL Server conference again this year.  At the 2012 SQL PASS Summit in Seattle, WA this year I'll be presenting a regular session titled "

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

12