Questions tagged [security]

Allowing users to access only the data they are authorized to access. It also encompasses protection of data during movement on the network and storage on disks and backups.

Security includes the facets of Authentication, Authorization, Privacy, Cryptography, Integrity, and Access Control. Include tags to indicate what aspect the question concerns, such as user access or network security.

1117 questions
89
votes
6 answers

Do stored procedures prevent SQL injection?

Is it true that stored procedures prevent SQL injection attacks against PostgreSQL databases? I did a little research and found out that SQL Server, Oracle and MySQL are not safe against SQL injection even if we only use stored procedures. However,…
Am1rr3zA
  • 1,523
  • 1
  • 14
  • 10
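The question is about PostgreSQL, so the following added example (not code from the question or its answers) shows, in PL/pgSQL, why the answer is "only if the procedure itself does not build SQL from its arguments". The table `app_user`, the function names and the sample rows are constructed for the example.

```sql
-- Constructed sample data for the example
CREATE TABLE app_user (id serial PRIMARY KEY, name text NOT NULL, is_admin boolean NOT NULL);
INSERT INTO app_user (name, is_admin) VALUES ('alice', true), ('bob', false);

-- Still injectable: the function glues its argument into SQL text, so being a
-- "stored procedure" buys nothing.
CREATE OR REPLACE FUNCTION find_user_unsafe(p_name text)
RETURNS SETOF app_user LANGUAGE plpgsql AS $$
BEGIN
  RETURN QUERY EXECUTE
    'SELECT * FROM app_user WHERE name = ''' || p_name || '''';
END $$;

-- Safe: static SQL inside PL/pgSQL is planned with the argument as a bound value.
CREATE OR REPLACE FUNCTION find_user_static(p_name text)
RETURNS SETOF app_user LANGUAGE plpgsql AS $$
BEGIN
  RETURN QUERY SELECT * FROM app_user WHERE name = p_name;
END $$;

-- Safe even with dynamic SQL: values travel through USING, identifiers through
-- format('%I'), which quotes and rejects what is not a valid identifier.
CREATE OR REPLACE FUNCTION find_user_dynamic(p_table text, p_name text)
RETURNS SETOF app_user LANGUAGE plpgsql AS $$
BEGIN
  RETURN QUERY EXECUTE format('SELECT * FROM %I WHERE name = $1', p_table)
    USING p_name;
END $$;

-- The same hostile argument (x' OR '1'='1) against each variant
SELECT * FROM find_user_unsafe ('x'' OR ''1''=''1');             -- every row, including the admin
SELECT * FROM find_user_static ('x'' OR ''1''=''1');             -- no rows: compared as a literal string
SELECT * FROM find_user_dynamic('app_user', 'x'' OR ''1''=''1'); -- no rows
```

The same split applies to SQL Server (`EXEC(@sql)` with concatenation versus `sp_executesql` with parameters), Oracle (`EXECUTE IMMEDIATE` with `||` versus `USING`) and MySQL (`PREPARE ... FROM CONCAT(...)` versus `?` placeholders): the procedure boundary is not the control, parameter binding is.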
44
votes
4 answers

How do I assign an entire Active Directory group security access in SQL Server 2008?

I would like to use integrated security with my internal application which is all on a domain. Unfortunately, I've never been able to get this to work well. I would like to assign an entire Exchange (Active Directory) Group a role in SQL Server…
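As an added example (not from the question or its answers), this is the T-SQL that grants a whole Active Directory security group a database role on SQL Server 2008. The domain, group and database names are hypothetical. One caveat a practitioner should check first: the group must be an AD security group, not a mail-only distribution group, because only security groups appear in a user's Windows logon token and therefore in SQL Server's login token; group membership changes are also picked up at the member's next logon, not immediately.

```sql
-- Hypothetical domain\group and database names; adjust to your environment.
USE master;
GO
-- One server login for the whole AD security group; no per-user logins needed.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\App-Users' AND type = 'G')
    CREATE LOGIN [CONTOSO\App-Users] FROM WINDOWS WITH DEFAULT_DATABASE = [AppDb];
GO
USE AppDb;
GO
-- A database user for the group, then role membership. sp_addrolemember is the
-- SQL Server 2008 syntax; ALTER ROLE ... ADD MEMBER replaces it from 2012 on.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\App-Users')
    CREATE USER [CONTOSO\App-Users] FOR LOGIN [CONTOSO\App-Users];
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\App-Users';
EXEC sp_addrolemember N'db_datawriter', N'CONTOSO\App-Users';
GO
-- Who does SQL Server think is in the group? (resolved through the service
-- account's view of the domain, so a failure here is a domain/trust problem)
EXEC master.dbo.xp_logininfo N'CONTOSO\App-Users', N'members';

-- From a connection made by a member: which Windows groups did the token bring
-- in? If the group is missing here, the member's token does not carry it
-- (distribution group, stale logon, or a nested group the token did not expand).
SELECT name, type, usage
FROM sys.login_token
WHERE type = 'WINDOWS GROUP';
```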
42
votes
3 answers

The login already has an account under a different user name

When I execute this SQL: USE ASPState GO IF NOT EXISTS(SELECT * FROM sys.sysusers WHERE NAME = 'R2Server\AAOUser') CREATE USER [R2Server\AAOUser] FOR LOGIN [R2Server\AAOUser]; GO I get the following error: The login already has an account under a…
Jack
  • 2,557
  • 14
  • 37
  • 42
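Added example, not the asker's script: the `IF NOT EXISTS` check in the question looks for a user by name, but the error is raised when a user with the login's SID already exists under some other name (commonly `dbo`, when that login owns the database). This script branches on what it actually finds; the owner login used in the `PRINT` advice is hypothetical.

```sql
USE ASPState;
GO
DECLARE @login  sysname = N'R2Server\AAOUser';
DECLARE @mapped sysname, @sql nvarchar(max);

-- Which database user already carries this login's SID? (sys.sysusers is the
-- old compatibility view; sys.database_principals is the current catalog.)
SELECT @mapped = dp.name
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
WHERE sp.name = @login;

IF @mapped IS NULL AND DATABASE_PRINCIPAL_ID(@login) IS NOT NULL
BEGIN
    -- A user with the right name exists but a different SID (orphaned after a
    -- restore from another server): re-link it instead of creating a second one.
    SET @sql = N'ALTER USER ' + QUOTENAME(@login) + N' WITH LOGIN = ' + QUOTENAME(@login) + N';';
    EXEC sys.sp_executesql @sql;
END
ELSE IF @mapped IS NULL
BEGIN
    SET @sql = N'CREATE USER ' + QUOTENAME(@login) + N' FOR LOGIN ' + QUOTENAME(@login) + N';';
    EXEC sys.sp_executesql @sql;
END
ELSE IF @mapped = N'dbo'
BEGIN
    -- The login owns the database, so it is already dbo and has every permission.
    -- Either leave it, or move ownership to a dedicated low-privilege login and
    -- then create the user, e.g.
    --   ALTER AUTHORIZATION ON DATABASE::ASPState TO [CONTOSO\SqlDbOwner];  (hypothetical login)
    SELECT DB_NAME() AS database_name, SUSER_SNAME(owner_sid) AS owner_login
    FROM sys.databases WHERE database_id = DB_ID();
    PRINT N'Login is the database owner (dbo); no separate user is needed.';
END
ELSE IF @mapped <> @login
BEGIN
    -- Same SID, other name: rename rather than duplicate. Permissions are tied
    -- to the principal, so nothing granted to the old name is lost.
    SET @sql = N'ALTER USER ' + QUOTENAME(@mapped) + N' WITH NAME = ' + QUOTENAME(@login) + N';';
    EXEC sys.sp_executesql @sql;
END
ELSE
    PRINT N'Already mapped under the expected name.';
GO
-- Verify: exactly one user, SID equal to the login's SID
SELECT dp.name, dp.type_desc, dp.sid = SUSER_SID(N'R2Server\AAOUser') AS sid_matches_login
FROM sys.database_principals AS dp
WHERE dp.name = N'R2Server\AAOUser';
```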
36
votes
1 answer

MySQL : Why are there "test" entries in mysql.db?

Recently, I posted an answer to a question about mysql.db. Then, I got to thinking I should ask everyone this question: I have noticed for years that upon installation of MySQL 5.0+, mysql.db is populated with two entries that allow test databases…
RolandoMySQLDBA
  • 185,223
  • 33
  • 326
  • 536
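Added example (not from the question or its answer): the two rows the MySQL installer adds to `mysql.db` are `('%', 'test', '')` and `('%', 'test\_%', '')`, with every privilege column except `Grant_priv` set to `Y`. Because the `User` column is empty they apply to every account, including the anonymous `''@'localhost'` accounts, so anyone who can connect gets a writable scratch area in any database whose name starts with `test`. This is how to see and remove them (the same steps `mysql_secure_installation` offers); MySQL 5.7's `mysqld --initialize` no longer creates them.

```sql
-- What the installer left behind: anonymous-user grants on test databases
SELECT Host, Db, User, Select_priv, Insert_priv, Create_priv, Drop_priv, Alter_priv
FROM   mysql.db
WHERE  User = '';

-- Anonymous accounts that would combine with those rows
SELECT User, Host FROM mysql.user WHERE User = '';

-- Removal. The literal 'test\\_%' is the stored pattern test\_% (escaped
-- underscore, so it matches test_anything but not, say, testing).
DELETE FROM mysql.db   WHERE Db IN ('test', 'test\\_%');
DELETE FROM mysql.user WHERE User = '';
DROP DATABASE IF EXISTS test;
FLUSH PRIVILEGES;

-- Verify
SELECT COUNT(*) AS anonymous_db_grants FROM mysql.db   WHERE User = '';
SELECT COUNT(*) AS anonymous_accounts  FROM mysql.user WHERE User = '';
```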
35
votes
2 answers

DBA first day in a new job - check backups and security - How? what else should be checked?

Generally when I start in a new environment, I tend to check where the backups are, when the last full was taken, when the last restore was applied, and I check the security too. The way I do this is via T-SQL. Check the backups ;with Radhe…
Marcello Miorelli
  • 17,274
  • 53
  • 180
  • 320
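Added example, not the asker's own script: a first-day T-SQL checklist that answers the backup questions from `msdb` and the security questions from the server catalog. Everything comes from system views, so it runs as-is on any SQL Server 2008 or later instance where you are sysadmin; the 1-day and 7-day windows are arbitrary thresholds chosen for the example.

```sql
-- 1. Last backup of each kind per database. Databases that were never backed up
--    show NULL and, because NULLs sort first, land at the top of the list.
SELECT d.name,
       d.recovery_model_desc,
       MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full,
       MAX(CASE WHEN b.type = 'I' THEN b.backup_finish_date END) AS last_diff,
       MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log
FROM sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b ON b.database_name = d.name
WHERE d.name <> N'tempdb'
GROUP BY d.name, d.recovery_model_desc
ORDER BY last_full;

-- 2. FULL recovery model with no recent log backup: the log keeps growing and
--    point-in-time restore stops at the last full/diff.
SELECT d.name
FROM sys.databases AS d
WHERE d.recovery_model_desc = 'FULL'
  AND NOT EXISTS (SELECT 1 FROM msdb.dbo.backupset AS b
                  WHERE b.database_name = d.name AND b.type = 'L'
                    AND b.backup_finish_date > DATEADD(day, -1, GETDATE()));

-- 3. Where the recent full backups were written. msdb only records that the
--    backup ran; check that these files still exist and are readable.
SELECT b.database_name, b.backup_finish_date, mf.physical_device_name
FROM msdb.dbo.backupset AS b
JOIN msdb.dbo.backupmediafamily AS mf ON mf.media_set_id = b.media_set_id
WHERE b.type = 'D' AND b.backup_finish_date > DATEADD(day, -7, GETDATE())
ORDER BY b.backup_finish_date DESC;

-- 4. Last restores applied on this instance (a restore that never happened is
--    the usual surprise: nobody has proved the backups are usable)
SELECT TOP (20) destination_database_name, restore_date, restore_type, user_name
FROM msdb.dbo.restorehistory
ORDER BY restore_date DESC;

-- 5. Security: every sysadmin, and SQL logins with policy or expiration
--    checking off or a password equal to the login name.
SELECT sp.name, sp.type_desc, sp.is_disabled
FROM sys.server_principals AS sp
JOIN sys.server_role_members AS rm ON rm.member_principal_id = sp.principal_id
JOIN sys.server_principals AS r  ON r.principal_id = rm.role_principal_id
WHERE r.name = N'sysadmin';

SELECT name, is_disabled, is_policy_checked, is_expiration_checked,
       PWDCOMPARE(name, password_hash) AS password_equals_login_name,
       PWDCOMPARE(N'',  password_hash) AS password_is_blank
FROM sys.sql_logins;
```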
32
votes
8 answers

Security implications of restoring a backup from an unknown source?

Scenario: You're handed a database backup and told to restore it to a server (that's already hosting other databases), but are given no useful information about what the backup contains or whether the source should be trusted. Question 1: What are…
Simon Righarts
  • 4,753
  • 1
  • 28
  • 31
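Added example (not from the question or any answer) of how to handle the scenario: inspect the file first, restore it under a quarantine name with restricted access, then look for the things in a database that matter once it is attached to a server: users whose SIDs match existing logins, `db_owner` members, modules that run as another principal, database-level triggers and CLR assemblies. The path, logical file names and the owner login are hypothetical.

```sql
-- Added example; the path and names are hypothetical.
DECLARE @bak nvarchar(260) = N'D:\incoming\unknown.bak';

-- 1. Look before restoring: source server and version, backup type, whether it
--    is a copy-only backup, how many backups are stacked on the media set.
RESTORE HEADERONLY   FROM DISK = @bak;
RESTORE FILELISTONLY FROM DISK = @bak;                 -- logical names needed for MOVE
RESTORE VERIFYONLY   FROM DISK = @bak WITH CHECKSUM;

-- 2. Restore under a quarantine name to paths you choose. Never use REPLACE
--    over an existing database on a shared server.
RESTORE DATABASE [Quarantine_Unknown]
FROM DISK = @bak
WITH MOVE N'UnknownData' TO N'D:\quarantine\Quarantine_Unknown.mdf',   -- from FILELISTONLY
     MOVE N'UnknownLog'  TO N'L:\quarantine\Quarantine_Unknown.ldf',
     CHECKSUM, RESTRICTED_USER, STATS = 10;             -- only db_owner/dbcreator/sysadmin can connect
GO
-- 3. Nothing inside the file grants server-level rights by itself; these
--    settings are what would let it once attached. RESTORE already resets
--    TRUSTWORTHY to OFF; setting it explicitly documents the intent.
ALTER DATABASE [Quarantine_Unknown] SET TRUSTWORTHY OFF;
ALTER DATABASE [Quarantine_Unknown] SET DB_CHAINING OFF;
-- The restoring login becomes owner. If that login is sysadmin, modules with
-- EXECUTE AS OWNER would run as sysadmin should TRUSTWORTHY ever be turned on;
-- hand ownership to a low-privilege login instead (hypothetical name).
ALTER AUTHORIZATION ON DATABASE::[Quarantine_Unknown] TO [CONTOSO\SqlDbOwner];

-- Database users whose SID matches a login on THIS server: they inherit that
-- login's access the moment the database is attached.
SELECT dp.name AS db_user, dp.type_desc, sp.name AS matched_login,
       IS_SRVROLEMEMBER(N'sysadmin', sp.name) AS login_is_sysadmin
FROM [Quarantine_Unknown].sys.database_principals AS dp
JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.principal_id > 4;

-- db_owner members
SELECT r.name AS role_name, m.name AS member_name
FROM [Quarantine_Unknown].sys.database_role_members AS rm
JOIN [Quarantine_Unknown].sys.database_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN [Quarantine_Unknown].sys.database_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner';

-- Modules that run as someone else, database-scoped DDL triggers, CLR assemblies
SELECT o.name, o.type_desc, sm.execute_as_principal_id
FROM [Quarantine_Unknown].sys.sql_modules AS sm
JOIN [Quarantine_Unknown].sys.objects     AS o ON o.object_id = sm.object_id
WHERE sm.execute_as_principal_id IS NOT NULL;

SELECT name, is_disabled FROM [Quarantine_Unknown].sys.triggers
WHERE parent_class_desc = N'DATABASE';

SELECT name, permission_set_desc FROM [Quarantine_Unknown].sys.assemblies
WHERE is_user_defined = 1;

-- 4. Physical integrity, then decide whether it goes anywhere near production
DBCC CHECKDB ([Quarantine_Unknown]) WITH NO_INFOMSGS;
```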
31
votes
6 answers

SQL Server compatibility with New TLS Standards

The major browsers are moving beyond SSL 3.0 and TLS 1.0. The PCI Security Council has declared an end-of-life date for these protocols to be considered sufficiently strong encryption. We need to move away from these protocols, to use newer and…
Mark Goldfain
  • 413
  • 1
  • 4
  • 7
29
votes
4 answers

Why is OS authentication considered poor security for Oracle databases?

Oracle is deprecating OS authentication according to the Oracle Database Security Guide, which says Be aware that the REMOTE_OS_AUTHENT parameter was deprecated in Oracle Database 11g Release 1 (11.1), and is retained only for backward …
Leigh Riffel
  • 23,884
  • 17
  • 80
  • 155
27
votes
8 answers

A query that lists all mapped users for a given login

When looking at the properties of a particular login, it's possible to see a list of users mapped to that login: I profiled SQL Server Management Studio (SSMS) and I see that SSMS connects to every database one at a time and retrieves information…
Michael J Swart
  • 2,235
  • 5
  • 23
  • 32
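Added example, not one of the posted answers: a single script that does what SSMS does (match the login's SID in every database) but in one round trip, by generating one `UNION ALL` per online database and running it through `sp_executesql` with the SID bound as a parameter. The login name is hypothetical. Users whose SID matches no login (orphans) are deliberately not returned; that is a different query.

```sql
DECLARE @login sysname = N'CONTOSO\AppUser';   -- hypothetical login
DECLARE @sid varbinary(85) = SUSER_SID(@login);
IF @sid IS NULL BEGIN RAISERROR(N'No such server login', 16, 1); RETURN; END;

-- One SELECT per database the caller can access, glued with UNION ALL.
-- Database names go through QUOTENAME so a hostile name cannot break the SQL.
DECLARE @sql nvarchar(max) = (
    SELECT N' UNION ALL SELECT N' + QUOTENAME(d.name, '''') + N' AS database_name,'
         + N' dp.name AS user_name, dp.type_desc, dp.default_schema_name'
         + N' FROM ' + QUOTENAME(d.name) + N'.sys.database_principals AS dp'
         + N' WHERE dp.sid = @sid'
    FROM sys.databases AS d
    WHERE d.state_desc = N'ONLINE' AND HAS_DBACCESS(d.name) = 1
    ORDER BY d.database_id
    FOR XML PATH(''), TYPE).value('.', 'nvarchar(max)');

SET @sql = STUFF(@sql, 1, 11, N'');   -- drop the leading ' UNION ALL ' (11 characters)
SET @sql = @sql + N' ORDER BY database_name;';

EXEC sys.sp_executesql @sql, N'@sid varbinary(85)', @sid = @sid;
```

`HAS_DBACCESS` skips databases the caller cannot enter, which would otherwise abort the whole batch; run it as a login with access to every database if the answer needs to be complete.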
25
votes
8 answers

Why is it a bad practice to allow everyone to use the sa login?

Even Microsoft discourages the use of SQL Server authentication mode, but our applications require it. I've read that it's a best practice to not let users use the sa login directly, instead using Windows Authentication and allowing those accounts…
Jon Seigel
  • 16,922
  • 6
  • 45
  • 85
24
votes
7 answers

How to get rid of ORA-28002 message the password will expire within 6 days?

I have a user getting an ORA-28002 indicating that the password will expire within six days. I ran the following: ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED; But when I try to log in as the user, the message is still there.…
bernd_k
  • 12,369
  • 24
  • 79
  • 111
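Added example, not from the question or its answers. Two things are going on in that scenario: the profile change only governs future expirations, so an account already in `EXPIRED(GRACE)` keeps its `expiry_date` until its password is reset; and setting `PASSWORD_LIFE_TIME UNLIMITED` on `DEFAULT` silently turns off rotation for every account that uses the `DEFAULT` profile. The script below checks the state, gives the account its own profile, and resets the password. `APPUSER`, the profile name and the password literal are hypothetical.

```sql
-- 1. Is the account already in its grace period, and which profile governs it?
SELECT username, profile, account_status, expiry_date, lock_date
FROM   dba_users
WHERE  username = 'APPUSER';

SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_name IN ('PASSWORD_LIFE_TIME', 'PASSWORD_GRACE_TIME', 'FAILED_LOGIN_ATTEMPTS')
AND    profile = (SELECT profile FROM dba_users WHERE username = 'APPUSER');

-- 2. A dedicated profile for the service account, leaving DEFAULT (and every
--    human account on it) with password rotation intact.
CREATE PROFILE app_service LIMIT
  PASSWORD_LIFE_TIME    UNLIMITED
  FAILED_LOGIN_ATTEMPTS 10;
ALTER USER appuser PROFILE app_service;

-- 3. The profile change does not clear an expiry that is already scheduled.
--    Resetting the password does; until then ORA-28002 keeps appearing and the
--    account locks when the grace period runs out.
ALTER USER appuser IDENTIFIED BY "Replace-With-A-New-Secret-1";   -- hypothetical value

-- 4. Confirm: status OPEN and no pending expiry_date
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  username = 'APPUSER';
```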
24
votes
2 answers

How do you reset the sa password?

I lost the sa password on a machine, and when I log in to the machine directly using an account in the admin group, SQL Server Management Studio will not allow me to log in using Windows authentication. My plan was to simply log into the server,…
Daniel Williams
  • 936
  • 4
  • 11
  • 19
24
votes
3 answers

Can I retrieve all database objects owned by a particular user?

We have a user who is leaving and I need to know every database object that he owns. Is there a query that will provide this information?
JHFB
  • 2,874
  • 6
  • 39
  • 64
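Added example, not one of the posted answers: inside one database, list everything a user owns, whether explicitly (`sys.objects.principal_id`) or through a schema or role the user owns, and generate the `ALTER AUTHORIZATION` statements needed before `DROP USER` will succeed (it fails while the user still owns a schema or role). The user name is hypothetical; run it in each database of interest.

```sql
DECLARE @user sysname = N'jsmith';            -- hypothetical departing user
DECLARE @pid  int = DATABASE_PRINCIPAL_ID(@user);
IF @pid IS NULL BEGIN RAISERROR(N'No such database user', 16, 1); RETURN; END;

-- Inventory: objects owned outright or inherited through an owned schema,
-- plus schemas, roles and assemblies owned by the user.
SELECT N'object'   AS kind, s.name AS schema_name, o.name, o.type_desc,
       CASE WHEN o.principal_id = @pid THEN N'explicit' ELSE N'via owned schema' END AS how_owned
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE o.principal_id = @pid OR (o.principal_id IS NULL AND s.principal_id = @pid)
UNION ALL
SELECT N'schema',   NULL, name, N'SCHEMA',   N'explicit' FROM sys.schemas             WHERE principal_id = @pid
UNION ALL
SELECT N'role',     NULL, name, type_desc,   N'explicit' FROM sys.database_principals WHERE owning_principal_id = @pid
UNION ALL
SELECT N'assembly', NULL, name, N'ASSEMBLY', N'explicit' FROM sys.assemblies          WHERE principal_id = @pid
ORDER BY kind, schema_name, name;

-- Hand-over script: review the output, then run it. Objects with explicit
-- ownership revert to their schema's owner; schemas and roles go to dbo.
SELECT N'ALTER AUTHORIZATION ON OBJECT::' + QUOTENAME(s.name) + N'.' + QUOTENAME(o.name)
     + N' TO SCHEMA OWNER;' AS statement
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE o.principal_id = @pid
UNION ALL
SELECT N'ALTER AUTHORIZATION ON SCHEMA::' + QUOTENAME(name) + N' TO dbo;'
FROM sys.schemas WHERE principal_id = @pid
UNION ALL
SELECT N'ALTER AUTHORIZATION ON ROLE::' + QUOTENAME(name) + N' TO dbo;'
FROM sys.database_principals WHERE owning_principal_id = @pid AND type = 'R';
```

Ownership is per database, so repeat this in every database where the user exists; server-level ownership (jobs in `msdb.dbo.sysjobs.owner_sid`, databases in `sys.databases.owner_sid`, endpoints) is a separate check.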
24
votes
5 answers

Is it still best practice to avoid using the default ports for SQL Server?

Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default: SQL Server service -…
user3399498
  • 595
  • 2
  • 7
  • 16
23
votes
8 answers

Why should an application not use the sa account

My first question ever, please be gentle. I understand that the sa account enables complete control over a SQL Server and all the databases, users, permissions etc. I have an absolute belief that applications should not use the sa password without a…
SQLDBAWithABeard
  • 655
  • 1
  • 6
  • 13
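This question and the earlier one about letting everyone use the `sa` login ask for the same thing in practice: named, auditable administrator logins for people and a least-privilege SQL login for the application, with `sa` itself disabled. The following added example (not from either question or their answers) sets that up and then proves the boundary from the application login's point of view; every name, the `app` schema and the password literal are hypothetical.

```sql
USE master;
GO
-- 1. Administrators get their own Windows logins in sysadmin, so the audit
--    trail names a person rather than a shared account.
CREATE LOGIN [CONTOSO\jsmith] FROM WINDOWS;
ALTER SERVER ROLE sysadmin ADD MEMBER [CONTOSO\jsmith];   -- 2008: EXEC sp_addsrvrolemember N'CONTOSO\jsmith', N'sysadmin'

-- 2. The application gets a SQL login (mixed mode is required here) with no
--    server role at all; the password is a random secret held only by the app.
CREATE LOGIN [app_orders] WITH PASSWORD = N'Replace-With-A-Random-Passphrase-1',   -- hypothetical
     CHECK_POLICY = ON, CHECK_EXPIRATION = OFF, DEFAULT_DATABASE = [OrdersDb];

-- 3. Once the named logins are verified, take sa out of circulation. Disabling
--    stops its use; renaming also removes the well-known target name.
ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = [sa_retired];
GO
USE OrdersDb;
GO
IF SCHEMA_ID(N'app') IS NULL EXEC (N'CREATE SCHEMA app;');   -- hypothetical application schema
CREATE USER [app_orders] FOR LOGIN [app_orders];
CREATE ROLE [orders_app_role];
ALTER ROLE [orders_app_role] ADD MEMBER [app_orders];        -- 2008: EXEC sp_addrolemember
-- Only what the code path needs: run its procedures, touch its own schema.
GRANT EXECUTE ON SCHEMA::[app] TO [orders_app_role];
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::[app] TO [orders_app_role];
GO
-- 4. Prove the boundary as the application would see it. ORIGINAL_LOGIN() is
--    what an audit shows; with everyone on sa it would always say 'sa'.
EXECUTE AS LOGIN = N'app_orders';
SELECT SUSER_SNAME()                                     AS running_as,
       ORIGINAL_LOGIN()                                  AS connected_as,
       IS_SRVROLEMEMBER(N'sysadmin')                     AS is_sysadmin,      -- 0
       HAS_PERMS_BY_NAME(NULL, NULL, N'CONTROL SERVER')  AS control_server,   -- 0
       HAS_PERMS_BY_NAME(NULL, NULL, N'ALTER ANY LOGIN') AS alter_any_login,  -- 0
       HAS_PERMS_BY_NAME(N'app', N'SCHEMA', N'SELECT')   AS can_read_app;     -- 1
REVERT;
```

With this in place a compromised connection string exposes one database's `app` schema, not `xp_cmdshell`, other databases, or the ability to create logins; that difference is the whole argument against applications running as `sa`.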