Articles tagged Security

27 December 2021

Azure and MFA Secrets

MFA and conditional access policies are powerful tools for our cloud security, but they are full of tricks. I don’t pretend to cover the basics here. You know you can create conditional access policies to request MFA authentication from the users. You also know that the default configuration (which you should avoid) will request … Read more
05 July 2017

Revisiting Script Injection in ASP.NET

The danger of Cross-Site Scripting (XSS) has to be dealt with in any web application. You do this by validating the input from all possible channels, by constraining it in terms of its range, type and length, and by encoding the output from views. ASP.NET has some built-in validation of requests that can be extended to make it more effective, but this approach has changed with ASP.NET Core to place the onus on the application developers to provide the middleware to perform effective validation that is fine-tuned to the application. Dino Esposito explains.… Read more
04 November 2016

Questions About SQL Server Security and Access Control You Were Too Shy to Ask

For many developers, database security and access control is just something that gets in the way of development work. However, several recent security breaches have had devastating consequences and have caused a change in attitude about the value to any organisation of having database applications that meet industry standards for access control and security. The problem, however, is in admitting that you have a problem and finding answers to those problems you are just too shy to ask in public. … Read more
09 November 2015

The Logical Data Warehouse – Towards a Single View of All the Data

What is wrong with the Enterprise Data Warehouse? Quite a lot, it seems. By taking the narrow view that the struggle is that of accommodating and interrogating huge quantities of data, then initiatives such as the Virtual Data Warehouse and Logical Data Warehouse could make sense. But what about data quality, security, access control, archiving, retention, privacy and regulatory compliance?… Read more
12 June 2015

Safe(r) Custom User-Authentication

If you are still storing passwords with MD5 hashing you're doing it wrong. The .NET platform provides a Cryptography library that allows you to develop PBKDF2 user authentication to the standards of the Open Web Application Security Project. Tom Fischer explains the background, shows a solution, and discusses the issues.… Read more
29 April 2015

How to Get SQL Server Security Horribly Wrong

It is no good doing some or most of the aspects of SQL Server security right. You have to get them all right, because any effective penetration of your security is likely to spell disaster. If you fail in any of the ways that Robert Sheldon lists and describes, then you can't assume that your data is secure, and things are likely to go horribly wrong.… Read more
09 April 2015

Schema-Based Access Control for SQL Server Databases

Access-control within the database is important for the security of data, but it should be simple to implement. It is easy to become overwhelmed by the jargon of principals, securables, owners, schemas, roles, users and permissions, but beneath the apparent complexity, there is a schema-based system that, in combination with database roles and ownership-chaining, provides a relatively simple working solution.… Read more
17 October 2014

The Mindset of the Enterprise DBA: Delegating Work

A lot of the routine jobs demanded of a DBA can be automated, but a tougher prospect is to automate these jobs in a way that the requestor rather than the DBA can actually set off the job running themselves without compromising security and without risk. Is it true to say that some tasks can be made self-service? In the final part of his series, Joshua considers delegation.… Read more
16 September 2014

Introduction to Oracle Password Verification and Complexity Function

Security is in the news again. It seems there’s no greater click-bait than a story about indecent photos of beautiful young Hollywood actresses stolen from their iPhones. Find a way to rope a cute kitten into the story and the Internet might very well explode. The current theories abounding seem to suggest that the vulnerabilities lay not with Apple, but… Read more
28 May 2014

Setting Up Your SQL Server Agent Correctly

It is important to set up SQL Server Agent Security on the principles of 'executing with minimum privileges', and ensure that errors are properly logged and alerts are set up for a comprehensive range of errors. SQL Server Agent allows fine-grained control of every job step that should allow tasks to be run entirely safely even if they occasionally need special privileges.… Read more
06 May 2014

Which New Technology Should I Chase?

It is a question that almost anybody working in IT occasionally asks themselves. 'How can I best develop my career to make sure my skills and experience remain in demand?' The questions may be spurred by a variety of reasons, including job-insecurity, dissatisfaction, or a wish for career advancement. So what advice would you give? Buck Woody tackles the difficult question with some straightforward advice.… Read more
16 April 2014

How is data security maintained and what’s new in Oracle 12c database security – Part 1

Securing enterprise business-critical data is as important for DBAs as database tuning and data protection. Oracle provides comprehensive and powerful security controls/solutions to ensure data privacy and data security which will help with meeting regulatory compliance. Oracle supports the following security controls: Data Masking, Advanced Security (TDE, Data Redaction), Label security, Virtual Private Database (VPD), Fine Grained Auditing (FGA), Data… Read more
22 July 2013

Thoughts on ASP.NET MVC Authorization and Security

It is only a matter of time in developing most websites that you'll need to implement a way of restricting access to parts of the site. In MVC, the 'Authorize' attribute handles both authentication and authorization. In general, it works well, with the help of extension to handle AJAX calls elegantly, and to distinguish between unauthorized users and those who are not logged in.… Read more