Tag Archives: security

Checking Permissions

Someone posted this query recently:

    select a.*,name, b.* from sys.database_principals a, sys.database_permissions b where permission_name = 'INSERT' and b.grantee_principal_id = a.principal_id

That’s a little ugly, so let’s fix it:

    SELECT  a.name, a.principal_id, a.is_fixed_role
          , a.default_schema_name
          , b.permission_name, b.permission_name …

Posted in Blog

Patch Week

My email account started getting notices of Windows patches yesterday, indicating it’s patch week again. If you manage Windows devices, be sure you are aware of the patches that came out. The May Bulletin on Technet shows 2 issues, one …

Posted in Blog

Why Use the Principle of Least Privilege?

SQL Injection is not the fault of the SQL Server. Brian Kelley pointed that out, and reminded me that SQL Injection isn’t a case of malformed SQL. It’s legitimate code, including SQL commands that we might use from any query …

Posted in Editorial

SQL Injection Everywhere

I was doing the laundry the other day and thinking about SQL Injection. I have this fancy front load model that lets me load fabric softener and bleach into containers for release later, and it occurred to me that if …

Posted in Editorial