This site is dedicated to those who are serious about security - specifically, Microsoft SQL Server security. Whatever your feelings about Microsoft, the bottom line is that these servers are showing up everywhere and it's time we learned how to properly secure them. At this site we do just that. We find problems, post solutions, and get the word out. If anyone tells you that security ends with the OS, they are dead wrong. Many times excellent network and host-based security has been bypassed, exposing the very heart of the enterprise: all because of poor SQL Server configuration.

"There is no 'patch' for stupidity."

Recent Blog Entries

  • Another patch tool
    While not open source, if you need a simple tool to patch third-party applications on a Windows machine you may want to check out www.patchmypc.com.  They've done a good job of automating a process that should have been automated a long time ago.  What is needed now is to have a similar application delivered as a system service that runs on all computers in a domain.  Microsoft Systems Center Configuration Manager is close but who has time to constantly create new deployment packages?  The folks at patchmypc have the right idea.  They maintain the package database - you just choose which applications you want to patch.
    Posted Mar 24, 2013, 8:06 AM by Chip Andrews
  • Reviewing a New Book on SQL Security
    I am in the process of reviewing a copy of "Microsoft SQL Server 2012 Security Cookbook" from PackT publishing.  I will be sure to post my review when completed but in the meantime if anyone is interested in an eBook version the publisher is offering 5 to anyone who posts a response to this blog entry with a reason "why you would like to get the book".  Hey - free stuff - why not?  Only the "Top 5" comments will win and those will be the only ones given to the publisher for prize distribution.  I will leave this open for comments until 11/15/12. UPDATE: I've closed the contest and sent the top 5 reasons to the publishers.  The winners should receive their free copies at any time.
    Posted Nov 17, 2012, 5:30 AM by Chip Andrews
  • SQL Server in Memory Only?
    Microsoft is making moves towards an in-memory database.  While the security implications of this may be unknown - it's not too early to start thinking about it.  http://blogs.technet.com/b/dataplatforminsider/archive/2012/04/09/the-coming-in-memory-database-tipping-point.aspx
    Posted Jun 28, 2012, 6:36 AM by Chip Andrews
  • SQL Server 2012 Released
    I've already created a SQL Server 2012 section in the version database for the release candidates but this is still an important milestone since now SQL Server 2012 will begin to show in production environments.  We'll keep our ears to the ground for any new vulnerabilities!  http://www.microsoft.com/sqlserver/en/us/default.aspx
    Posted Apr 15, 2012, 5:38 AM by Chip Andrews

In The News