Convert legacy password storage without aggravating your users

In a previous post I wrote about storing password hashes in a database, which raises the question of how to convert an existing legacy password storage system to use hashes (or even no passwords!) without annoying the people who use your system. Dial ‘S’ for Secret Let’s assume that you have inherited a database which stores passwords

How to really store a password in a database

Recently I wrote: Don’t store passwords in a database. I stand by this statement. I expected a lot of flak because I didn’t explain myself. This post goes into a bit of an explanation of my position, as well as how to go about storing something in a database that can be used for authenticating
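The two password posts above (storing only a verifier rather than the password, and migrating a legacy store without bothering users) share one mechanism: keep accepting the old record until the user logs in, and at that moment, since the plaintext is in hand, replace the record with a salted, slow hash. The following is an added illustration, not code from either post. It assumes two legacy formats (plaintext and unsalted MD5, both constructed for the example) and PBKDF2-HMAC-SHA256 with a random 16-byte salt as the target scheme; the record format, iteration count and sample users are choices made here.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters (not from the posts): PBKDF2-HMAC-SHA256, 16-byte salt, 600k iterations.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest (base64 fields)."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def check_pbkdf2(record: str, password: str) -> bool:
    """Recompute the digest with the stored salt/iterations and compare in constant time."""
    scheme, iterations, salt_b64, digest_b64 = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("not a pbkdf2 record")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def check_legacy(record: str, password: str) -> bool:
    """Verify the two legacy formats assumed by this example: 'plain$<pw>' and 'md5$<hex>'."""
    scheme, value = record.split("$", 1)
    if scheme == "plain":
        return hmac.compare_digest(value.encode("utf-8"), password.encode("utf-8"))
    if scheme == "md5":
        return hmac.compare_digest(hashlib.md5(password.encode("utf-8")).hexdigest(), value)
    raise ValueError("unknown legacy scheme: " + scheme)


# A throwaway record so that lookups of unknown users cost the same as a real verification.
DUMMY_RECORD = hash_password("dummy")


def login(store: dict, username: str, password: str) -> bool:
    """Authenticate; on success against a legacy record, rewrite it as PBKDF2 in place."""
    record = store.get(username)
    if record is None:
        check_pbkdf2(DUMMY_RECORD, password)  # burn the same CPU as a real check
        return False
    if record.startswith("pbkdf2_sha256$"):
        return check_pbkdf2(record, password)
    if not check_legacy(record, password):
        return False
    # Transparent upgrade: the user just typed the password, so we can hash it properly now.
    store[username] = hash_password(password)
    return True


def make_store() -> dict:
    """Constructed sample of an inherited table: one plaintext row, one unsalted-MD5 row."""
    return {
        "alice": "plain$correct horse",
        "bob": "md5$" + hashlib.md5(b"hunter2").hexdigest(),
    }


if __name__ == "__main__":
    users = make_store()
    print(login(users, "alice", "correct horse"), users["alice"][:14])  # True pbkdf2_sha256
    print(login(users, "bob", "wrong"), users["bob"][:4])               # False md5$
```

Because the record carries its own scheme and parameters, the same login path serves unmigrated and migrated rows, and raising the iteration count later is just another upgrade-on-login. Rows that never get a login during the migration window still hold the weak form; the usual practice is to set a deadline after which those accounts are forced through a reset rather than kept indefinitely.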

My IT department installed an antivirus with SQL Server

Time for another short blog post, and this one combines two topics I am very passionate about: security, and SQL Server performance. Let’s start by talking about “antivirus” and what that means in today’s world. The term antivirus (AV) itself is outdated; traditionally, AV products detected malicious activity through fixed patterns of code or patterns

Do you even PowerShell, bro? An ode to dbatools and dbachecks.

Shall I compare thee to Management Studio? Thou art more scriptable and consistent. Those out-of-memory errors do tend to lose hours of work. And I mean, SSMS doesn’t run from the command line. Sometimes I get those line-endings errors, Not to mention IntelliSense bombing out; And figuring out which tab I was in can be

the world is on fire

Secure or fast? Secure, obviously …

By now you have probably seen the news about a major flaw in the design of CPUs from all major vendors (Intel, AMD, and ARM) resulting in a series of vulnerabilities in operating systems and … web browsers? One of my favourite things to do is to make queries run faster. What the Meltdown and

All Mac users should do this immediately

This post is a public service announcement for all users of macOS High Sierra (10.13). (Note: Apple has already released a fix, but if you do not have automatic updates enabled, this may still affect you.) If you didn’t hear about it already, a major security flaw was discovered last week in how the root

SQL Server 2017 Administration Inside Out

For the last five months or so, I have been helping some really smart people put words on paper, both the physical and electronic kind, which is hopefully going to culminate in an actual technical book that I can point to and say “Yes, that’s the name I invented for myself when we moved to

Is Transparent Data Encryption just security theatre?

I love theatre. In six months I am putting on two one-act plays for a local festival, because I don’t already have enough on my plate. Security theatre, on the other hand, I don’t like. It is security for the sake of appearances, that offers little to no solution to the problem it claims to

Connect Windows 10 client to a VPN on Windows Server 2012 R2

I got a strange request in a Slack channel the other day. A colleague in South Africa, who uses Windows, was unable to connect to our VPN (Virtual Private Network). We use the built-in VPN on Windows Server 2012 R2, which makes it extremely convenient to manage per-user security without opening up the firewall for