
Does Your SQL Server Service Have Too many Permissions?

SelecTViews Shows to Watch:
SelecTViews – Open source projects and SQL Server, FrontPage Lives?!, Business Intelligence is profiling… or is it? SQL Server tools and the cloud, featured blog, Chris Shaw on the show and MUCH more.
[Watch the Show]

Previously…
Database applications and tablet devices, toasters (er, appliances), and the SQL Server Tip of the Day. Also, Wendy Pastrick, insider knowledge of your systems and other key things to consider.
[Watch the Show]

Kalen Delaney Virtual Workshop: SQL Server 2008 Indexes – Internals and Best Practices
Feb. 25, 2011 –
Along with a good database design, I would say that indexes are a cornerstone of good database performance. There are a lot of other skills you can develop in relational databases, but without these two you’re going to find yourself in a heap of trouble. SSWUG.org’s virtual workshop, conducted by Microsoft SQL Server MVP Kalen Delaney, will give you the skills you need to understand indexes, evaluate their effectiveness and make the necessary adjustments for performance. Register today to save your spot.

Featured Article(s)
SQL Server 2008 Policy Based Management (Part 2 of 3)
Administrators need to constantly monitor the security surface area of the entire database server, along with permissions and settings for every database, table, user, role, and schema. Policy-Based Management is a policy-based system for managing one or more instances of SQL Server 2008. Policy-Based Management consists of three components: policy management, policy administrators who create policies, and explicit administration. Administrators select one or more managed targets and explicitly check that the targets comply with a specific policy, or explicitly force the targets to comply with a policy. Throughout this session, we’ll see examples of how Policy-Based Management can help administrators effectively establish and monitor policies for their database environment.

Featured White Paper(s)
An Introduction to Workload Tuning
Workload Tuning is just what it sounds like: tuning the performance of all processes that comprise a database workload in one… (read more)

Does Your SQL Server Service Have Too many Permissions?
With each release of SQL Server the default permissions for the SQL Server service are reduced. For example, the ability to execute an operating-system (DOS) command using xp_cmdshell is now turned off by default. You must turn it on in order to use this feature.

What got me thinking about this was watching an SSWUG SelecTViews by Kevin Kline regarding SQL injection. One point that Kevin made was that once a hacker has cracked your SQL Server, they may have the keys to your kingdom. Of course, what those keys open depends on how you have configured your SQL Server service or other logins that may be hacked.

One of the best-practice methods for reducing your risk is to create either a local Windows account or an Active Directory service account for the SQL Server service. This gives you the ability to restrict the capabilities of the account under which SQL Server operates. Often you can restrict disk permissions for this account to only those directories where a database or backup is located. This action alone restricts some of the malicious actions a hacker may take.

The account’s permissions may be reduced even further. Your server is more secure still if the account has no permissions to manage Windows users, perform network activities, format disks, etc. You get the point.

Even using a Windows or Active Directory account may grant too many permissions to your SQL Server service. Be sure to restrict your SQL Server service account’s permissions to only those necessary to do the work assigned to that account. Kevin’s presentation covers that in a little more detail.
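As an added example (not part of the newsletter or of any SSWUG material), here is a PowerShell audit script that applies the advice above to a SQL Server host: it lists the logon account of each SQL Server service, flags built-in high-privilege identities and local Administrators membership, and shows who can write to a data or backup directory. It assumes it runs on the SQL Server machine itself and that Get-LocalGroupMember is available (Windows 10 / Server 2016 or later).

```powershell
# Added example: audit the Windows accounts used by SQL Server services and
# flag those carrying more privilege than the database engine needs.
# Assumes it runs locally on the SQL Server host with rights to read
# service and local-group information.

# Built-in identities that grant broad OS rights; the article recommends a
# dedicated Windows or Active Directory service account instead.
$HighPrivilegeAccounts = @('LocalSystem', 'NT AUTHORITY\SYSTEM')

function Get-SqlServiceAccountReport {
    # SQL Server engine and Agent services are named MSSQL* / SQLAgent*
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like 'MSSQL*' -or $_.Name -like 'SQLAgent*' }

    $localAdmins = @()
    try {
        # Get-LocalGroupMember exists on Windows 10 / Server 2016+ (assumption)
        $localAdmins = (Get-LocalGroupMember -Group 'Administrators').Name
    } catch {
        Write-Warning "Could not enumerate local Administrators: $_"
    }

    foreach ($svc in $services) {
        # Services store local accounts as ".\name"; normalise to "HOST\name"
        # so they compare with the names Get-LocalGroupMember returns.
        $account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
        $findings = @()
        if ($HighPrivilegeAccounts -contains $account) {
            $findings += 'runs as a built-in high-privilege identity'
        }
        if ($localAdmins -contains $account) {
            $findings += 'is a member of local Administrators'
        }
        [pscustomobject]@{
            Service  = $svc.Name
            Account  = $account
            Findings = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

function Get-SqlDataDirectoryWriters {
    # Show which identities can write to a data or backup directory; the
    # service account should appear, broad groups such as Users should not.
    param([Parameter(Mandatory)] [string] $Path)  # e.g. the instance DATA folder
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Get-SqlServiceAccountReport | Format-Table -AutoSize
```

Run Get-SqlDataDirectoryWriters against each database and backup folder to confirm that only the service account (and administrators) hold write access there.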

So, what are the minimum credentials you use for your SQL Server service account? Care to share? Send your experience to me at btaylor@sswug.org. We’ll share it with the rest of our readers.

Cheers,

Ben