SQL Server Security Distilled
by Morris Lewis
Copyright 2002
Curlingstone Publishing
Several years ago, when I was teaching SQL Server classes full-time, I can remember telling my students that there weren't any viruses or other software that could attack SQL Server. At that time I was correct; there weren't any documented ones. But times have changed. As SQL Server has grown in importance, hackers have started to make SQL Server a favorite target. Because of this, and many other reasons you are already familiar with, SQL Server security is becoming a hot topic. The days are gone (I hope) when DBAs use an SA password of "blank" for their production servers.
SQL Server security is a two-headed beast. In many ways, it is easy to set up and maintain. But in other ways, it can be confusing, frustrating, and time-consuming. In fact, many of the DBAs who have used "blank" as the SA password have done so because that is the only way they could get an application to work with SQL Server. Obviously, this is more of a problem with software developers, not DBAs.
If you want to master SQL Server security, whether it be for versions 6.5, 7.0, or 2000, you may want to pick up a copy of the new book SQL Server Security Distilled. This short but comprehensive book not only shows you how SQL Server security works, but also shows you how best to set it up to provide the best overall security possible.
Here's what this book covers:
Options for Authentication
Options for Authorization
Password Strategies
Authentication in SQL Server 6.5
Authentication in SQL Server 7.0 and 2000
Managing Login Accounts
Server Roles
Managing Database Access in SQL Server 6.5
Managing Database Permissions in SQL Server 6.5
Managing Database Access in SQL Server 7.0 and 2000
Managing Database Permissions in SQL Server 7.0 and 2000
The Art of Assigning Permissions in SQL Server 7.0 and 2000
Database Roles in SQL Server 7.0 and 2000
Object Ownership in SQL Server 7.0 and 2000
Choosing an Authentication Scheme
Securing Internet Applications
Securing SQL Server Data
The SQL Injection Attack
Securing Data Transformation Packages (DTS)
Replication Security
Managing Security for SQL Server CE
This book covers both beginning and advanced SQL Server security topics, and almost every DBA can learn something new from it. I highly recommend it. In fact, I recommend that all DBAs pick up a copy of it, read it, and then pass it along to some of their "developer" friends. While I personally feel that most DBAs recognize the importance of SQL Server security, many "developers" do not. (Of course, if you are a developer reading this, I don't mean you.)