The SQL Server security model, part 1: principals

2014-07-202014-07-28 / Daniel Hutmacher / 4 Comments

There are a number of layers in the SQL Server security model, giving you a nearly infinite number of ways to set up access control on your server and databases. Security is a huge topic, and there are literally entire books on it, so this series of articles is designed to give you just a quick overview of the SQL Server security model to get you started.

In this first installment, I’ll go through the different types of security principals that are available, as well as how they connect to each other.

Continue reading →

Moving objects between schemas

2013-10-202014-06-25 / Daniel Hutmacher / Leave a comment

Basic model changes when you’ve built your solution can be tricky, because they can require redesigning or rebuilding an entire solution. Sometimes, though, the solution can be pretty easy. Like changing an object’s schema, a task that can be done using the ALTER SCHEMA statement.

Continue reading →

A short introduction to application roles

2013-04-212014-06-25 / Daniel Hutmacher / 1 Comment

Application roles provide a practical way to assign application-specific permissions in your database and to make sure that your applications always use a defined login. Not to be confused with actual roles, application roles are more like users in the database.

Continue reading →

Decrypting SQL objects

2013-03-242018-07-15 / Daniel Hutmacher / 4 Comments

Ever wished you could decrypt a database object in SQL Server? The good news is, you can, even in newer versions of SQL Server! This article will take you through the basics of how to decrypt a database object, and it will hopefully give you some deeper knowledge of how encrypted objects are stored in the database, and how to access them.

Continue reading →

Locked out from SQL Server?

2013-03-242017-10-06 / Daniel Hutmacher / Leave a comment

When you install SQL Server, you need to specify what account(s) or group(s) that you want to give administrative privileges. Way back when, it would be sufficient to be a local administrator on the Windows machine running the SQL Server service, but not any more.

Luckily, there’s a solution.

Continue reading →

A short post on SQL injection.

2013-03-172016-04-09 / Daniel Hutmacher / Leave a comment

Whenever you run dynamic SQL code from an application or in a stored procedure, make sure you clean (called “escaping” in developer-speak) all those apostrophes and semicolons, or you may find yourself on the business end of an SQL injection.

Continue reading →

sqlsunday.com

T-SQL tips and tricks, best practices and query plans from the field.

SQL Server security

Moving objects between schemas

Decrypting SQL objects

A short post on SQL injection.