SQL Server Security / Edition 1

by David Litchfield, Bill Grindlay
     
 

ISBN-10: 0072225157

ISBN-13: 9780072225150

Pub. Date: 08/22/2003

Publisher: McGraw-Hill Professional Publishing

Overview

Addresses SQL Server vulnerabilities and provides security solutions. Covers installation, administration, and programming--plus security issues such as authentication, encryption, intrusion detection, and more. Written for IT professionals administering or programming any SQL Server-based application--includes coverage of SQL Server 7, SQL Server 2000, and SQL Server (Yukon).

Product Details

ISBN-13: 9780072225150
Publisher: McGraw-Hill Professional Publishing
Publication date: 08/22/2003
Series: Security Ser.
Pages: 352
Product dimensions: 7.30(w) x 9.10(h) x 0.90(d)

Table of Contents

Acknowledgments
Introduction
Chapter 1. SQL Server Security: The Basics
  SQL Server History
  Editions of SQL Server
  General Database Security
  SQL Server Security Vulnerabilities
Chapter 2. Under Siege: How SQL Server Is Hacked
  Picking the Right Tools for the Job
  Data or Host?
  Attacks that Do Not Require Authentication
  Attacks That Require Authentication
  Resources
  Code Listing 1
  Code Listing 2
  Code Listing 3
Chapter 3. SQL Server Installation Tips
  Planning an Installation
  Operating System Considerations
  Running the Installer
  Locking Down the Server
  Checklist
Chapter 4. The Network-Libraries and Secure Connectivity
  Client/Server Connectivity
  Secure Sockets Layer
  SQL Server Network-Libraries
  Configuring Connections
  Best Practices
Chapter 5. Authentication and Authorization
  Authentication
  Authorization and Permissions
  Syslogins, Sysprotects, Syspermissions, and Other Mysteries
  Best Practices
Chapter 6. SQL Server in the Enterprise
  SQL Server Replication
  Multiserver Administration
  Active Directory Integration
Chapter 7. Auditing and Intrusion Detection
  Case Study
  SQL Server Auditing
  SQL Server Alerts
Chapter 8. Data Encryption
  Encryption Explained
  Hashing Algorithms
  Salts
  Key Management
  Built-In Encryption Functions
  Encrypting Custom Stored Procedures
  Encrypting SQL Server Table Data
  Encrypting SQL Server Network Traffic
  Middle-Tier Encryption
  Third-Party COM Components
  CryptoAPI
Chapter 9. SQL Injection: When Firewalls Offer No Protection
  SQL Injection Basics
  Case Study: Online Foreign Exchange System
  Advanced Topics
  SQL Injection Defense
  Best Practices
Chapter 10. Secure Architectures
  Defense In Depth
  Security Requirements
  Planning
  Development
  Testing
  Deployment
  Maintenance
Appendix A. System and Extended Stored Procedure Reference
  Limiting the Risks of Stored Procedures
  Stored Procedure Attack Strategies
  High-Risk System and Extended Stored Procedures
  Defensive Strategies
Appendix B. Additional Technologies that Impact SQL Server Security
  Visual Studio, Microsoft Office, and COM Connectivity Tools
  SQL Server Mail Interfaces
  Internet Information Server Integration
  SQL Server Developer and Administrator Tools
Appendix C. Connection Strings
  Properties
  Sample Connection Strings
  Where to Place Connection Strings
Appendix D. Security Checklists
  SQL Server Version Checklist
  Post-Install Checklist
  Maintenance Checklist
