
LessThanDot

A Technical Community for IT Professionals

Less Than Dot is a community of passionate IT professionals and enthusiasts dedicated to sharing technical knowledge, experience, and assistance. Inside you will find reference materials, interesting technical discussions, and expert tips and commentary. Once you register for an account you will have immediate access to the forums and all past articles and commentaries.

Browsing "security"


T-SQL Tuesday #63: How do you manage security

This month’s T-SQL Tuesday is hosted by Kenneth Fisher (blog | twitter) and its subject is about security. Security is one of those subjects that most DBAs have to deal with regardless of specialty. So as something we all have to work with at some point or another what are some tips you’d like to […]


SQL Server Database owner ~~UNKNOWN~~

Today I was checking an older server and decided to run sp_helpdb. On a bunch of databases I noticed that the owner was ~~UNKNOWN~~. The only reason I noticed this was when I tried to look at a specific database which is mirrored. I was greeted with thi…


Giving only insert permissions to a table for a new login

There was a requirement to create a new user who would have only insert permissions to one table; this user would also have insert and select permissions to another table.

This is pretty simple to accomplish. First create this simple database with tw…


Giving users the ability to change a stored procedure without making them db_owner

I once did some work for a company and noticed that they were running as sysadmin. When I asked why, their answer was that the stored procedures would not work otherwise. This is very bad practice; in general I create a user, and then give execute permi…


How to change the SA password in SQL Server

There was a question today: "How to change my local sql server sa password?" I would like to expand on my answer in this post.

Before I start I would like you to read this post by Ted Krueger first: To SA or not to SA to understand why you should not be…


Please don’t use blacklists, use parameterized queries or stored procs instead

Every now and then you will hear how some site will use a blacklist to ‘protect’ themselves against SQL injection. Using a blacklist is very foolish because you can’t ever think of all the different ways that the bad guys will try to bypass your little…


Is your Apache Server Status wide open for the world to see?

The Apache web server comes with something called Apache Module mod_status installed.

From the Apache site: http://httpd.apache.org/docs/2.0/mod/mod_status.html
The Status module allows a server administrator to find out how well their server is perf…


Don’t fall for the social engineering scam that makes you go to ammyy.com

I am pretty sure that none of our readers would fall for this social engineering scam that would make you share your computer with someone else; I am writing about it because I know of one person who had a call like this, but she luckily hung up.

I he…


SQL Injection Pocket Reference for MySQL, SQL Server and Oracle

There is a nice SQL Injection Pocket Reference up on Google Docs.

Here is what is covered:

MySQL
Default Databases
Comment Out Query
Testing Injection
Strings
Numeric
In a login
Testing Version
MySQL-specific code
Database Credentials
Data…


LulzSec has shut down, has ended hacking campaign

LulzSec has just announced that it is shutting down. LulzSec, which so far has hacked the CIA, U.S. Senate, Nintendo, Sony and others, has surprisingly announced that it is disbanding.
