Physical security

This month’s T-SQL Tuesday (hosted by Kenneth Fisher – @sqlstudent144) is about security This hasn’t been my area of expertise for a long time, although I did write a long TechNet Magazine article about common security issues and solutions back in 2009. There’s a huge amount that’s been written about implementing security in SQL Server and Windows – working towards […]

A SQL Server DBA myth a day: (4/30) DDL triggers are INSTEAD OF triggers

(Look in the Misconceptions blog category for the rest of the month’s posts and check out the 60-page PDF with all the myths and misconceptions blog posts collected together when you join our Insider list, plus my online Myths and Misconceptions training course on Pluralsight.) Myth #4: DDL triggers (introduced in SQL Server 2005) are […]

TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions

The May 2009 TechNet Magazine is now available online, and it's the annual security issue. In there is an article I wrote highlighting 10 common security issues (and solutions) you should worry about if you're not a security-savvy DBA. It covers: Physical security Network security Attach surface minimzation Service accounts Restricting use of administrator privileges […]

How to scan a network looking for SQL instances

I came across a good post over at the Data Management section of Less Than Dot, describing how to scan through a network looking for unsecure SQL instances. It makes use of the free SQL Ping tool and describes automating the process using SSIS. This is pretty interesting to me as I’ve just finished writing […]

New whitepaper on SQL Server Audit in 2008

One set of features i haven't blogged about yet in SQL Server 2008 are the new security features: SQL Server Audit, Transparent Data Encryption, and Extensible Key Management. I've just finished writing a security article for the May 2009 TechNet Magazine (the annual security issue) and while trolling around TechNet I found that the security […]

Dev Connections newsletter

At the last Connections conference in April, the conference organizers tapped a bunch of speakers for interviews, articles, and other content to put into a free “newsletter” called MyDevConnections, and now it’s finally available. It covers all the Connections conferences, so isn’t just limited to SQL Server. As far as SQL is concerned, Kimberly and […]

Follow-on from instant initialization privilege checking

I got bored on the first leg of the journey from Seattle to London so thought I’d bang out a quick blog post. After my previous post on checking whether a SQL instance is able to use instant initialization (see here), I had a discussion with Scott R., who regularly comments on blog articles. He […]

SQL Server 2008: Does my database contain Enterprise-only features?

Moving databases around is pretty common, as is moving databases between servers running different Editions of SQL Server, especially during a disaster recovery situation. You may not know this, but in SQL Server 2005, if you had partitioning anywhere in a database, you could only attach/restore that database using an Enterprise or Developer instance. I […]