Browse by Tags

All Tags » Security (RSS)

Continuous delivery and Azure SQL Database achieving the impossible

I was very proud to be asked to speak at Ignite at the start of May. http://ignite.microsoft.com/speaker/speakermoreinfo/?speakerid=f0dfadd0-2498-e411-b87f-00155d5066d7 . I encounter much scepticism about continuous delivery for databases, more over many...

Solution - Login failed for user x. Reason Token based server access validation failed and error - 18456

Had a very bizarre situation yesterday where a local machine account couldn’t access SQL Server and was getting Login failed for user <user>. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors...
Posted by simonsabin | 3 comment(s)

Restricting logons during certain hours for certain users

Following a an email in a DL I decided to look at implementing a logon restriction system to prevent users from logging on at certain ties of the day. The poster had a solution but wanted to add auditing. I immediately thought of the My post on logging...

The server principal '<domain>\User' already exists. But it doesn’t

Interesting little situation occurred today, the person I was working with was trying to add a login to a server and was getting the following error. “The server principal '<domain>\User' already exists” They were using a command like this...
Posted by simonsabin | 4 comment(s)

Avoid SQL Injection with Parameters

The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL...

Creating service accounts should setup do it for you?

How many people actually create accounts for the SQL Server services to use? I would expect that once you step out of the enterprise the majority wouldn't be. Even though its bet practice. Why do I think that? Because its generally a pain. If installing...

How to access SQL Server when you've forget the password

There is a little known feature of SQL Server 2005 is that when you start SQL Server in single user mode local administrators of the server have sysadmin access to the sql server. You may feel this a security concern, but if a user can get local admin...