SQL Server Performance Forum – Threads Archive

SQL 2005 Security Best Practices?

Anyone seen a published security best practices for SQL2005? I am looking for something simular tohttp://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec04.mspx with a SQL2005 base. Also, anyone know if Best Practices Analyzer will be available for SQL2005?

I believe the best practices will come into effect once the full product has been used and you may need to wait until end of this year to see such information. As of now there is no information about BPA usage in SQL 2005. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided â€œAS ISâ€ with no rights for the sake of knowledge sharing.

Thanks Satya, I did dig up some information in the latest books online, but it still wasn’t to the level I would have hoped. Matt

hi, a link to refer : <a href=’http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx’ target=’_blank’ title=’http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx'<a target="_blank" href=http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx>http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx</a></a> <a href=’http://searchsqlserver.techtarget.com/originalContent/0,289142,sid87_gci1102096,00.html’ target=’_blank’ title=’http://searchsqlserver.techtarget.com/originalContent/0,289142,sid87_gci1102096,00.html'<a target="_blank" href=http://searchsqlserver.techtarget.com/originalContent/0>http://searchsqlserver.techtarget.com/originalContent/0</a>,289142,sid87_gci1102096,00.html</a> <a href=’http://www.sql-server-performance.com/forum/topic.asp?TOPIC_ID=10998′ target=’_blank’ title=’http://www.sql-server-performance.com/forum/topic.asp?TOPIC_ID=10998′<a target="_blank" href=http://www.sql-server-performance.com/forum/topic.asp?TOPIC_ID=10998>http://www.sql-server-performance.com/forum/topic.asp?TOPIC_ID=10998</a></a> HTH [<img src=’/community/emoticons/emotion-1.gif’ alt=’

‘ />] Regards Hemantgiri S. Goswami [email protected] "Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemantgiri Goswami

We may need to wait another month to get hold of any news on working with SQL SErver 2005 full product release. I believe Microsoft will not release any affiliated tools until the full product is bug fixed. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided â€œAS ISâ€ with no rights for the sake of knowledge sharing.

<blockquote id="quote">quote:<hr height="1" noshade id="quote"> until the full product is bug fixed <hr height="1" noshade id="quote"></blockquote id="quote"> Hm, you should have better written "until the full product goes RTM". [<img src=’/community/emoticons/emotion-2.gif’ alt=’

‘ />] – Frank Kalis Microsoft SQL Server MVP http://www.insidesql.de</a> Ich unterstÃ¼tze PASS Deutschland e.V. <a target="_blank" href=http://www.sqlpass.de>http://www.sqlpass.de</a>)

Agreed, please read my last words on above post as referred by Frank [<img src=’/community/emoticons/emotion-1.gif’ alt=’

‘ />]. <hr noshade size="1">Satya SKJ Moderator http://www.SQL-Server-Performance.Com/forum</a> <center>This posting is provided â€œAS ISâ€ with no rights for the sake of knowledge sharing.</center>

Very interesting. I suppose one thing not in many of the documents is to backup your Service Master Encryption Key after you install SQL. I would guess if you had a disaster and had to reinstall SQL, without your Master Key, you won’t be able to get your encrypted data.

True and that is the reason better not to use system supplied encryption functions, better to develop them in-house for better troubleshooting. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided â€œAS ISâ€ with no rights for the sake of knowledge sharing.

]]>