USEFUL SITES :
Write for Us
SQL Server Security Distilledby Morris LewisCopyright 2002Curlingstone Publishing
Several years ago, when I was teaching SQL Server classes full-time, I can remember telling my students that there weren't any viruses or other software that could attack SQL Server. At that time I was correct, there weren't any documented ones. But times have changed. As SQL Server has grown in importance, hackers have started to make SQL Server a favorite target. Because of this, and many other reasons you are already familiar with, SQL Server security is becoming a hot topic. The days are gone (I hope) where DBAs use a SA password of "blank" for their production servers.
SQL Server security is a two-headed beast. In many ways, it is easy to set up and maintain. But in other ways, it can be confusing, frustrating, and time consuming. In fact, many of the DBAs who have used "blank" as the SA password have done so because that is the only way they could get an application to work with SQL Server. Obviously, this is more of a problem with software developers, not DBAs.
If you want to master SQL Server security, whether it be for versions 6.5, 7.0, or 2000, you may want to pick up a copy of the new book SQL Server Security Distilled. This short, but comprehensive book, not only shows you how SQL Server security works, but shows you how to best set it up to provide the best overall security possible.
Here's what this book covers:
Options for Authentication
Options for Authorization
Password Strategies
Authentication in SQL Server 6.5
Authentication in SQL Server 7.0 and 2000
Managing Login Accounts
Server Roles
Managing Database Access in SQL Server 6.5
Managing Database Permissions in SQL Server 6.5
Managing Database Access in SQL Server 7.0 and 2000
Managing Database Permissions in SQL Server 7.0 and 2000
The Art of Assigning Permissions in SQL Server 7.0 and 2000
Database Roles in SQL Server 7.0 and 2000
Object Ownership in SQL Server 7.0 and 2000
Choosing an Authentication Scheme
Securing Internet Applications
Securing SQL Server Data
The SQL Injection Attack
Securing Data Transformation Packages (DTS)
Replication Security
Managing Security for SQL Server CE
This book covers both beginning and advanced SQL Server security topics, and almost every DBA can learn something new from it. I highly recommend it. In fact, I recommend that all DBAs pick up a copy of it, read it, and then pass it along to some of their "developer" friends. While I personally feel that most DBAs recognize the importance of SQL Server security, many "developers" do not. (Of course, if you are a developer reading this, I don't mean you.)
