Downloads from this Issue
<--
Buy This Issue!
Buy the single issue PDF of this issue.
Add to Cart
View Cart/Checkout
-->
Table of Contents
Editorial: Secure By Default by Steve Jones
SQL Server 2005 Data Encryption Support
by
Randy Dyess
Perhaps the most highly anticipated new feature of SQL Server 2005 is the built in encrpytion. This article takes a look at just how this is built into SQL Server 2005 and how you might implement it in your environment. download the code
|
|
|
SQL Server Security for the Paranoid DBA
by
James Luetkehoelter
Do you worry about the security of your SQL Server databases? You should, but what should you be worried about? This article takes a look at how to focus your paranoia into the most productive areas.
|
New Useful Features in SQL Server 2005 Security
by
Brian Kelley
SQL Server 2005 has greatly changed the way security will be handled on this platform. This article provides us with a fantastic overview of the changes and how much stronger the security will be in this product.
|
|
|
Row Level Security Using Windows Groups
by
Brian Kelley
Row level security is something that almost every application is asked to provide, but which has proven challenging to developers and DBAs. This article looks at how you can leverage your Windows groups to simplify security, but provide this feature.
(download the code)
|
SQL Server 2005 DDL Triggers
by
Brian Knight
A look at this great new auditing feature that can help you keep control of the schema in your SQL Server 2005 databases.
(download the code)
|
|
|
SQL Server 2005 Profiler
by
Jonathan Frisbee
Profiler looks almost the same as SQL Server 2000 at first glance, but it has evolved quite a bit with SQL Server 2005.
|
Unbreakable?
by
Steve Jones
What a great advertising campaign by Oracle, but did it live up to the hype? A look at SQL Server's biggest competitor.
|
|
|
An Interview with Kurt Windisch
by the
PASS Staff
|
Editorial
Secure By Default
The theme of security seems to be really integrated in SQL Server 2005, more than any other Microsoft product to date. The Trustworthy Computing initiative, seems to have made leaps forward with this product. From the “turned off” idea, where many things are disabled, or not even installed by default, to the Surface Area Configuration Tool, which allows you to examine your installation and reduce the attack surface, or number of places to attack.
This month we focus on Security, primarily on SQL Server 2005 since the product was released just as we shipped the November issue. With the security of applications and software being called into question almost daily these days, it’s important to be sure that you are running a secure database server. The mainstream press is more and more often picking up breeches of security and reporting about them, so maintaining the security of your data to the best of your ability is becoming increasingly important to DBAs.
There are many ways to do this, but encryption and certificates are great places to start. We’ve got articles on each of these topics this month and I’m sure that you’ll be excited to see just how much work was done in this area for SQL Server 2005.
Our resident security guru, Brian Kelley, also brings us two different security topics this month. One is an overview of the changes in SQL Server 2005 and is must read for DBAs having worked only with prior versions. The other examines a topic that I constantly see DBAs dealing with: row level security. Brian looks at how you can leverage your Windows groups to implement this often asked for feature.
In my decade plus of working with SQL Server, capturing changes to objects has always been a request and the usual answer is to setup a trace in Profiler that just runs constantly. We do take a look at Profiler in this issue, but many of you will be interested to know that there are now DDL triggers that fire on object changes, allowing you to setup an auditing scheme to track those changes.
We also have a couple of extended editorial type pieces this month. The first looks at what security means for the paranoid DBA; the DBA highly concerned with actual break-ins. The other is one I wrote after seeing an open letter about the Oracle patch problems. It struck a chord with me after their “Unbreakable” advertising campaign.
Security is a tough business and this issue only scratches the surface. If we had an extra 500 pages, we might provide you a great reference for SQL Server 2005, but in this limited format, we are just scratching the surface and giving you a broad look at some things you might want to dig deeper into with this version of SQL Server.
Steve Jones
|