SQL Server security precon at TechEd 2010.

This blog posting is meant to bring attention to the fact that I'm doing a preconference talk, "A Day of SQL Server Security" at TechEd 2010 in New Orleans in June. OK, the TechEd folks asked me to publicize it. I'm also doing two breakout sessions, one on "Entity Framework and LINQ2SQL vs. Stored Procedures", and the other on "Integrating Microsoft SQL Server Event Tracing with OS-Level Events and Database Client Events".

Although I've done individual topics of SQL Server Security before (e.g. Auditing, at TechEd Europe 2009) you might be saying to yourself, "this Beauchemin guy is known for database development, what's his background in security anyhow?". Well, I did write the "SQL Server Security Best Practices Whitepaper" for SQL Server 2005. But there's a better story.

In 1992, I made my one-and-only foray into the world of startup companies, when I joined (as employee #2) a company called Open Computing Security Group (OCSG). This company eventually grew and changed its name to CyberSafe, and it's still around today. At "the beginning" we concentrated on Kerberos software, releasing commercial versions of Kerberos for 5-6 Unix variants and Kerberos clients for Windows (3.1) and Mac. This included SDKs, like the GSSAPI, and clients like klogin/klogind. My first Kerberos port was targeted at the NeXT computer.

The new company was going strong and, in addition to the products, we did security audits and taught classes on Kerberos protocol and implementation. The very first class I ever taught was on Kerberos; students seemed to like it, although I immediately went back to being "that geek in the corner who wrote code, and spoke to no one". 😉 Other classes came along post-OCSG.

When Kerberos R5 was released, I was asked to brainstorm a list of products where Kerberos could be integrated. I came up with about 25 ideas (probably not new ideas, but they were new to me) including using Kerberos for database authentication/authorization and using a database as a repository for the KDC. Eventually, I split with the company as it grew.

I've always had a fondness for computer security ever since. And I've been implementing, studying, and teaching anything to do with SQL Server security. Hence, the preconference talk. Be you DBA, developer, architect, or anything in between, I think it will be worth your while.

Other articles

Over 1000 XEvents in SQL Server 2016 CTP2. Here are the new ones.

Extended events has firmly established itself as the premier diagnostic feature in SQL Server and SQL Server 2016 brings along more events to correspond to

Taking the Azure SQL Database row-level security preview for a spin

The security announcements around Azure SQL Database keep coming. Auditing was implemented a few months ago, and today it was followed by a preview of

Azure SQL Database V12 Preview – Spatial Fully Functional

Yesterday’s blog post about Azure SQL Database V12 mentioned that one of the features I was particularly interested in seeing/testing were the spatial features. Interestingly,

Not a “me-too announcement” blog on Azure SQL Database V12 preview

In general, I usually hate “me too” announcement blog posts. Over the years, I’ve considered it less than useful to simply repeat “Product XXX released

AzureML: What components are used by the sample experiments?

A few months ago, I embarked on a project to learn more about data mining, machine learning and, as a prerequisite, statistics. I was tired

Book Review: Chris Webb’s “Power Query for Power BI and Excel”

I’ve been experimenting with Power Query and the rest of the Power BI suite in Excel (desktop edition) since it was originally released. But, like

Imagine feeling confident enough to handle whatever your database throws at you.

With training and consulting from SQLskills, you’ll be able to solve big problems, elevate your team’s capacity, and take control of your data career.