
05 July 2017

Revisiting Script Injection in ASP.NET

The danger of Cross-Site Scripting (XSS) has to be dealt with in any web application. You do this by validating the input from all possible channels, by constraining it in terms of its range, type and length, and by encoding the output from views. ASP.NET has some built-in validation of requests that can be extended to make it more effective, but this approach has changed with ASP.NET Core to place the onus on the application developers to provide the middleware to perform effective validation that is fine-tuned to the application. Dino Esposito explains.…
04 November 2016

Questions About SQL Server Security and Access Control You Were Too Shy to Ask

For many developers, database security and access control is just something that gets in the way of development work. However, several recent security breaches have had devastating consequences and have caused a change in attitude about the value to any organisation of having database applications that meet industry standards for access control and security. The problem, however, is in admitting that you have a problem and finding answers to those problems you are just too shy to ask in public.…
17 November 2015

Jodie Beay and the Production Database Drift

You make an example database, like NorthWind or WidgetDev in order to test out your deployment system and the next thing you know you're worrying about constraints, backup and security. Then you add an index to the production system and feel a pang of guilt. What would the Devs say? Somehow databases take on lives of their own, populated by the lost souls of users, Developers and DBAs. Has the Redgate DLM Team's practice Forex database somehow come alive?…
09 November 2015

The Logical Data Warehouse – Towards a Single View of All the Data

What is wrong with the Enterprise Data Warehouse? Quite a lot, it seems. By taking the narrow view that the struggle is that of accommodating and interrogating huge quantities of data, then initiatives such as the Virtual Data Warehouse and Logical Data Warehouse could make sense. But what about data quality, security, access control, archiving, retention, privacy and regulatory compliance?…
12 June 2015

Safe(r) Custom User-Authentication

If you are still storing passwords with MD5 hashing you're doing it wrong. The .NET platform provides a Cryptography library that allows you to develop PBKDF2 user authentication to the standards of the Open Web Application Security Project. Tom Fischer explains the background, shows a solution, and discusses the issues.…
29 April 2015

How to Get SQL Server Security Horribly Wrong

It is no good doing some or most of the aspects of SQL Server security right. You have to get them all right, because any effective penetration of your security is likely to spell disaster. If you fail in any of the ways that Robert Sheldon lists and describes, then you can't assume that your data is secure, and things are likely to go horribly wrong.…
09 April 2015

Schema-Based Access Control for SQL Server Databases

Access-control within the database is important for the security of data, but it should be simple to implement. It is easy to become overwhelmed by the jargon of principals, securables, owners, schemas, roles, users and permissions, but beneath the apparent complexity, there is a schema-based system that, in combination with database roles and ownership-chaining, provides a relatively simple working solution.…
17 October 2014

The Mindset of the Enterprise DBA: Delegating Work

A lot of the routine jobs demanded of a DBA can be automated, but a tougher prospect is to automate these jobs in a way that the requestor rather than the DBA can actually set off the job running themselves without compromising security and without risk. Is it true to say that some tasks can be made self-service? In the final part of his series, Joshua considers delegation.…
16 September 2014

Introduction to Oracle Password Verification and Complexity Function

Security is in the news again. It seems there's no greater click-bait than a story about indecent photos of beautiful young Hollywood actresses stolen from their iPhones. Find a way to rope a cute kitten into the story and the Internet might very well explode. The current theories abounding seem to suggest that the vulnerabilities lay not with Apple, but…
29 July 2014

The Hybrid Cloud: Having your Cake

Although the Cloud gives us the freedom of using, and paying for, computing resources only when we need them, the public cloud isn't a universal panacea. Private clouds can harness all that cloud technology whilst avoiding those security and bandwidth issues, but at a cost and commitment. Can one therefore get the best of both worlds with a Hybrid Cloud? Robert Sheldon explains all the ins and outs.…
28 May 2014

Setting Up Your SQL Server Agent Correctly

It is important to set up SQL Server Agent Security on the principles of 'executing with minimum privileges', and ensure that errors are properly logged and alerts are set up for a comprehensive range of errors. SQL Server Agent allows fine-grained control of every job step that should allow tasks to be run entirely safely even if they occasionally need special privileges.…
06 May 2014

Which New Technology Should I Chase?

It is a question that almost anybody working in IT occasionally asks themselves: 'How can I best develop my career to make sure my skills and experience remain in demand?' The question may be spurred by a variety of reasons, including job insecurity, dissatisfaction, or a wish for career advancement. So what advice would you give? Buck Woody tackles the difficult question with some straightforward advice.…
16 April 2014

How is data security maintained and what’s new in Oracle 12c database security – Part 1

Securing enterprise business-critical data is as important for DBAs as database tuning and data protection. Oracle provides comprehensive and powerful security controls and solutions to ensure data privacy and data security, which will help with meeting regulatory compliance. Oracle supports the following security controls: Data Masking, Advanced Security (TDE, Data Redaction), Label Security, Virtual Private Database (VPD), Fine Grained Auditing (FGA), Data…