SQL Server with Mr. Denny:

Database security


March 5, 2014  5:00 PM

Risks of Password Changes



Posted by: Denny Cherry
Change Password, Database security, Security, SQL Server

We all know that we should be changing the passwords for our service accounts every once and a while (ever 90-180 days or so) just in...

December 18, 2013  2:00 PM

Encryption and Compression



Posted by: Denny Cherry
Backup & recovery, BACKUP DATABASE, Data Loss, Data Security, Database, Database Administration, Database security, Indexing, Security, SQL Server, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012, SQL Server 2014, Storage, Tables

We have a variety of options when it comes to compression and encryption in SQL Server. When using both compression and encryption you...


February 6, 2013  2:00 PM

When Designing Logon Systems, Pay More Attention To Password Questions.



Posted by: Denny Cherry
Data Loss, Data Security, Database Design, Database security, Identity theft, Laws, Lawyers, Lesson Learned, Mayhem, Phishing, Security, Social Commentary, SQL Server

In recent months the Internet has started to wake up to security just a little bit more, and probably forgotten all about it as well (read


December 26, 2012  2:00 PM

Cross Database Chaining



Posted by: Denny Cherry
Data Security, Database, Database security, Security, SQL Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012

Cross database chaining in SQL Server is actually a fairly old feature, first introduced in SQL Server 2000 SP3.  However this feature isn't often understood mostly because it isn't often used. Database chaining is when permissions cascade from one object to another because they are used by the...


December 6, 2012  12:42 PM

SQL Saturday 194 (#sqlsat194) Here I Come



Posted by: Denny Cherry
Data Encryption, Database security, Encryption, Security, SQL PASS, SQL Saturday, SQL Saturday 194, SQL Server

I'm so happy to be able to announce that I'll be giving a precon at SQL Saturday 194 over in England on Friday March 8th, 2013.  This precon will be will be on SQL Server...


October 10, 2012  9:00 AM

Encrypting data in the same column



Posted by: Denny Cherry
Data Encryption, Data Loss, Data Security, Data Types, Database, Database Administration, Database Design, Database security, Encryption, Identity theft, Security, SQL, SQL Server, SQL Server stored procedures, Stored Procedures, T/SQL, Tables

I wrote a little while ago about the fact that sensitive data needs to be encrypted within the database for all applications.  This is the first technique that is available to you to encrypt data...


August 9, 2012  2:00 PM

Second Edition of Securing SQL Server now longer available for pre-order. It’s Shipping! (repost)



Posted by: Denny Cherry
AlwaysOn, Availability Groups, Azure, Data Loss, Data Security, Database Administration, Database security, Microsoft Windows, Security, SQL, SQL Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012, Storage

In case you missed the blog post over on securingsqlserver.com, I wanted to repost it here... I'm afraid that I've got some bad news.  You can no longer pre-order


August 2, 2012  4:00 PM

Sensitive Data Must Be Encrypted



Posted by: Denny Cherry
Data Encryption, Data Loss, Data Security, Database Administration, Database Design, Database security, Encryption, Exploit, Hashing, Security, SQL, SQL Server

The title of this post pretty much says it all.  If you store sensitive data in a database you have to work under the assumption that someone is going to try and break into the system and steal that data.  Thinking otherwise simply isn’t responsible as the developer and/or administrator of the...


July 30, 2012  4:00 PM

Why is SQL Injection still a problem?



Posted by: Denny Cherry
Data Loss, Data Security, Database Administration, Database security, Exploit, Security, SQL, SQL Server

SQL Injection is probably the most popular attack vector for hackers when they attempt to break into databases.  The reason for this is that it is so easy for an attacker to gain access to the system, and typically to get pretty high level permissions to a database engine so that they can then...


July 26, 2012  2:00 PM

Security Sessions at SQL PASS 2012



Posted by: Denny Cherry
Data Encryption, Data Loss, Data Security, Database, Database Administration, Database Design, Database security, Encryption, Security, SQL Injection, SQL PASS, SQL PASS 2012, SQL Server, SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012

The SQL PASS session list for the SQL PASS 2012 Summit has been released.  This year there are 192 sessions being presented at the SQL PASS summit.  Last year at the 2011 summit there were only a couple of sessions...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: