Infrastructure at your Service

Tag

Security Archives - Page 4 of 6 - Blog dbi services

Stéphane Haby

SQL Server Tips: Find sql logins when “windows authentication only” is enabled

By | Database Administration & Monitoring | No Comments

A customer asks me to find all sql logins enabled on servers where windows authentication only is enabled. The goal is to clean sql logins on all servers through the CMS (central management server). In some cases, sql logins are created even if the authentication is set to “Windows authentication only mode”. I think that this query is interesting and I will just share it with you. DECLARE @value INT USE [master] EXEC xp_instance_regread N’HKEY_LOCAL_MACHINE’,…

Read More
Daniel Westermann

EDB Postgres Advanced Server 9.5 new features – Profiles

By | Database Administration & Monitoring | No Comments

The just released version of EDB Postgres Advanced Server 9.5 introduces profiles very much the same as in Oracle. Lets have a look at it. As in Oracle there is a default profile: ([email protected][local]:5445) [postgres] > \x Expanded display is on. ([email protected][local]:5445) [postgres] > select * from edb_profile; -[ RECORD 1 ]———–+——– prfname | default prffailedloginattempts | -2 prfpasswordlocktime | -2 prfpasswordlifetime | -2 prfpasswordgracetime | -2 prfpasswordreusetime | -2 prfpasswordreusemax | -2 prfpasswordverifyfuncdb |…

Read More
Daniel Westermann

Avoiding access to the public schema in PostgreSQL

By | Database Administration & Monitoring | 6 Comments

In PostgreSQL every database contains the public schema by default. Every user that gets created and can login is able to create objects there. Here is a little demo: I’ll create a new user named u1 which is allowed to login. No additional privileges are granted: postgres=# create user u1 login password ‘u1’; CREATE ROLE postgres=# \c postgres u1 You are now connected to database “postgres” as user “u1”. From now on this user is…

Read More
Microsoft Team

SQL Server 2016 – availability groups and gMSAs

By | Database management | No Comments

This blog post will probably not concern customers where either password policy change rules are not defined for service accounts or Kerberos authentication is not used. But I’m sure that the number of these customers has decreased over at least the last decade. By the way, this is what I can notice at different customer places. But before beginning with group managed services let’s introduce managed services … Why using managed services (MSAs) against traditional…

Read More
Stéphane Haby

SQL Server 2016 – Security: Dynamic Data Masking – Other Data Types

By | Database Administration & Monitoring, Technology Survey | No Comments

This blog is a part of the series “SQL Server 2016 – Security: Dynamic Data Masking“. I remember you my different logins used to connect to AdventureWorks: sql login u1 with the db_owner role –> No masking sql login u2 with the db_datareader role –> masking The Data Types used are: xml, date, datetime and varbinary.

Read More
Stéphane Haby

SQL Server 2016 – Security: Dynamic Data masking – String Data Types

By | Database Administration & Monitoring, Technology Survey | No Comments

This blog is a part of the series “SQL Server 2016 – Security: Dynamic Data Masking“. I remember you my different logins used to connect to AdventureWorks: sql login u1 with the db_owner role –> No masking sql login u2 with the db_datareader role –> masking The Data Types used are: sysname, char, nchar, nvarchar and varchar.

Read More
Stéphane Haby

SQL Server 2016 – Security: Dynamic Data masking – Numeric Data Types

By | Database Administration & Monitoring, Technology Survey | No Comments

This blog is a part of the series “SQL Server 2016 – Security: Dynamic Data masking“. I remember you my different logins used to connect to AdventureWorks: sql login u1 with the db_owner role –> No masking sql login u2 with the db_datareader role –> masking The Data Types used are: bit, tinyint, smallint, int, float & money.

Read More
Stéphane Haby

Row Level Security (RLS) is also coming to MS SQL Server

By | Database Administration & Monitoring, Technology Survey | No Comments

Why “also” in my title? On 29 August, my colleague Daniel Westermann wrote an article about Row Level Security in the next version of PostgreSQL. Row Level Security called also RLS is a new feature in SQL Server 2016 and of course in SQL Azure. This new security in SQL Server returns only rows that the user has permission to access. The best way to understand is with a little sample and I use Daniel’s…

Read More
Microsoft Team

SQL Server 2016 : availability groups and the new ssis_monitor role for SSIDBB catalog

By | Database Administration & Monitoring | No Comments

During my investigation about the new AlwaysOn features, I wrote a blog post about the new SSISDB support for AlwaysOn. You can find it here: > SQL Server 2016 : availability groups and the new SSISDB support Just as a reminder, for those who have dealt with the SSISDB catalog in the previous version, some extra works were mandatory to be “AlwaysOn” compliant. Fortunately, the new version of SSIDB catalog will make easier the DBA…

Read More