This month’s T-SQL Tuesday is hosted by Kenneth Fisher (blog | twitter) and its subject is about security. Security is one of those subjects that most DBAs have to deal with regardless of specialty. So as something we all have to work with at some point or another what are some tips you’d like to […]
Today I was checking an older server and decided to run sp_helpdb. On a bunch of databases I noticed that the owner was ~~UNKNOWN~~. The only reason I noticed this was when I tried to look at a specific database which is mirrored. I was greeted with thi…
There was a requirement to create a new user who would have only insert permissions to one table; this user would also have insert and select permissions to another table.
This is pretty simple to accomplish. First create this simple database with tw…
I once did some work for a company and noticed that they were running as sysadmin. When I asked why, their answer was that the stored procedures would not work otherwise. This is very bad practice; in general I create a user, and then give execute permi…
There was a question today: "How to change my local sql server sa password?" I would like to expand on my answer in this post.
Before I start, I would like you to read this post by Ted Krueger first: To SA or not to SA to understand why you should not be…
Every now and then you will hear how some site will use a blacklist to ‘protect’ themselves against SQL injection. Using a blacklist is very foolish because you can’t ever think of all the different ways that the bad guys will try to bypass your little…
The Apache web server comes with something called Apache Module mod_status installed.
From the Apache site: http://httpd.apache.org/docs/2.0/mod/mod_status.html
The Status module allows a server administrator to find out how well their server is perf…
I am pretty sure that none of our readers would fall for this social engineering scam that would make you share your computer with someone else. I am writing about it because I know of one person who had a call like this, but she luckily hung up.
There is a nice SQL Injection Pocket Reference up on Google Docs.
Here is what is covered:
Comment Out Query
In a login
LulzSec has just announced that it is shutting down. LulzSec, which so far has hacked the CIA, U.S. Senate, Nintendo, Sony and others, has surprisingly announced that it is disbanding.