SQLSecurity.com

Paladion
By Paladion

June 15, 2005

If you design applications that access MS SQL Server or are responsible for maintaining SQL Server, then SQLSecurity.com is the go-to site for you. Started in 1999 by Chip Andrews (the co-author of "SQL Server Security"), the site has grown in content answering your questions on securing SQL Server databases, and then some more.

SQL Security

If you design applications that access MS SQL Server or are responsible for maintaining SQL Server, then SQLSecurity.com is the go-to site for you. Started in 1999 by Chip Andrews (the co-author of "SQL Server Security"), the site has grown in content answering your questions on securing SQL Server databases, and then some more.

First-time visitors can get a taste of what's in store by checking out the SQL Server FAQ. The FAQ discusses an array of database security issues - "How do I perform encryption with SQL Server?", "How do I restrict clients by IP address?" etc.

The SQL Security checklist is a quick guide to securing your SQL Server installation. It's concise, it's useful. Period.

Over 30 tools are listed in the free security tools section of the site: these include brute force password guessing tools and cryptographic routines among others. And more commercial tools are listed in the products section of the site.

The Lockdown script, as the name suggests, can be used to harden your database installation. Note however that the script has not been updated since December 2003. An online version database helps us map SQL Server builds to the exact patch level. This is useful to track down the vulnerabilities specific to the build.

While some sections of the site are relatively old, Chip's Blog is where the action is today -- this is the place where you learn what's happening latest in the world of SQL Server security.

This is not a site you will be done with in a day or two. This is where you will want to come back to answer those new questions you always tend to get.


Tags: Review

About

Paladion