There is a patch available for four elevation of privilege vulnerabilities recently discovered in SQL Server.From http://www.microsoft.com/technet/security/bulletin/ms08-Jul.mspx:This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete ...

In a recent blog post, Dancho Danchev mis-labeled a recent IIS vulnerability as a ''massive SQL injection attack.'' Let's be honest here.  Yes, this alert needs attention.  But is is not a new SQL injection vulnerability.  It is simply an exploit in IIS that lets malicious users access your source code.  If your database is ...

The following pages were recently modified. Source: Knowledge Base Product: Microsoft SQL Server 2005 Enterprise Edition & SQL Server 2005 Standard Edition Notification Contents: New and Major Modifications Some or all SQL Server 2005 services are not listed in SQL Server Configuration Manager, or you receive a ''No SQL Server 2005 components ...

SP_HELP_REVLOGIN stored procedure helps you to generate a script that can be used to recreate the logins that exist on a server at a specific point in time script the logins along with password. I'm not sure how many DBA are aware of this Stored Procedure and it is described in KB article 246133 . Though it talks about SQL Server 2000 version ...

Its a general assumption that whenever performance is degraded, the finger will be pointed to SQL Server, pretty easy eh!? If you look at any of the SQL Server related forums then 3 in 10 questions asks same question and nothing but shove blame on SQL Server. It is always better to be proactive than reactive, when it comes to identifying and ...

Continuation to the BlogPost on issuing or configuring SQL Servers to use certificates, I have found useful reference on Technet blogs - Mr. Cert’s side of the story ....(read more)

You may be aware that using SSL communications a HTTP server can have encryption for us, in this regard certificates must be authorized for server authentication. Microsoft recommends that you can do this by either obtaining an SSL certificate from a certificate-issuing authority, such as Verisign, or if for testing purposes, by using tools to ...

What is the Kerberos Authentication? What are the security features difference between Windows 2000 and 2003 versions? How it is behaved within Failover Clustering? How to enable Kerberos Authentication Including SQL Server Virtual Servers on Server Clusters? Let us see how the user access to SQL Server resources is controlled by two separate ...

Can we audit the activity inside the SQL Server 2008 to capture SELECTs activity? For the first time I though CDC will be useful to DBAs in auditing the activity on the database, but its not entirely. It is equivalent to auditing functionalities and in short CDC is more poised towards the ETL for incrementatl data load and that uses an ...

This was the question from SSP forums, I’m trying to rebuild few fragmented indexes on a table that is updated on regular basis. The “dbcc showcontig” gave this result: Table: 'Confidential' (999999999); index ID: 5, database ID: 5 LEAF level scan performed. - Pages Scanned................................: 86 - Extents ...