This is a brief post containing a script to grant permissions on functions and stored procedures to a database user or role in SQL Server. Every few months I end …
Security
-
-
In this post I’ll cover a quick way to get access to SQL Server when you don’t have a login and don’t know the password for the SA account. I’ve …
-
In this post I’ll be covering the risks brought on by not securing SQL Server’s service account and setting it to run as a high privileged user. SQL Server’s wealth …
-
In this post I’ll address improper configurations and their potential impact, as well as recommendations for securing SQL Server linked servers. Linked servers are one of SQL Server’s features that …
-
In this post I cover two ways of properly securing xp_cmdshell in SQL Server 2022 to avoid unrestricted access to the underlying Windows OS. Note that the methods described in …
-
In SQL Server, members of a database’s db_owner role can end up getting membership in the sysadmin server level role if the database is set as trustworthy and it’s owned …
-
In a previous post we’ve looked at offline methods of cracking SQL Server login passwords as a means of auditing the password strength. But what if, due to security concerns …
-
Have you ever wanted to do a password audit on the SQL logins that applications and developers use to connect to the instances that you manage? Offline password cracking is …