Patch your SQL Server instance today
On 14 February 2023, Microsoft released updates for all supported versions of SQL Server in the form of a General Distribution Release (GDR). A GDR… Read More »Patch your SQL Server instance today
I wrote a post a couple weeks ago about not changing port 1433 for security reasons. I received this comment, which is not visible on… Read More »You can’t secure your network with spite
Since we’re on a recent theme of revising long-held best practices that are not, here’s a timely one for you: Don’t change your default SQL… Read More »Don’t change your default SQL Server port for security reasons
This is the third post in the series about system-versioned ledger tables, a new feature introduced in Azure SQL Database. You can read Part 1… Read More »System-versioned ledger tables: things you can’t do
In the first post of this series, we learned about a new type of system-versioned table that also works at the database level and introduces… Read More »System-versioned ledger tables: the next step
As long-time readers of this blog know, I’m a big fan of temporal tables, also known as system-versioned temporal tables. Until recently, temporal tables were… Read More »Introducing system-versioned ledger tables
Right off the top here, I must note that the term “dead man’s switch” is archaic, so for the rest of this post I’ll refer… Read More »Why you need a Dead Man’s Switch
Microsoft announced updates today for all supported versions of SQL Server, for a privilege escalation vulnerability that leverages Extended Events. For security reasons no further details… Read More »Security update for all supported versions of SQL Server (CVE-2021-1636)
Tencent Security has released a report (written in Chinese) describing a new malware attack by the name of “MrbMiner” on SQL Server instances exposed to the Internet… Read More »A new malware attack on SQL Server
WARNING: This post contains information that can get you fired if you use it without express written permission. In some jurisdictions it might get you… Read More »Picking up the pieces after the DBA has left: taking ownership of a SQL Server instance
Background: Fellow Microsoft MVP Troy Hunt has been operating the website Have I Been Pwned (HIBP) for a number of years now. For… Read More »What is a strong password anyway?
With the release of SQL Server 2019, I wanted to highlight in a single place some things that I’m excited about. Drawing on sessions I… Read More »SQL Server 2019 is here
Behold! There’s a scary monster called skip‑2.0, announced by ESET: This backdoor targets MSSQL Server 11 and 12, allowing the attacker to connect stealthily to… Read More »When security and news collide
In a previous post I wrote about storing password hashes in a database, which raises the question of how to convert an existing legacy password storage system… Read More »Convert legacy password storage without aggravating your users
Recently I wrote: Don’t store passwords in a database. I stand by this statement. I expected a lot of flak because I didn’t explain myself.… Read More »How to really store a password in a database