Chapter 6. SQL Server 2008 Security

Security is often one of the most challenging aspects of designing and managing a database system. As a DBA, you want your servers to be as secure as possible without having to invest an inordinate amount of money or sacrifice user functionality. Unfortunately, many administrators and application developers are skeptical about the benefits of security, believing that they are somehow immune to the myriad threats that are out there. In reality, as long as users have access to data, there is a risk of a security breach. So what do you do? Take the SQL Server offline, put it in a locked room that only you have access to, and require that all database requests be processed manually through you?

Security isn't about guaranteeing a completely attack-proof system. It's about mitigating and responding to risk. It's about ensuring that you take the necessary steps to minimize the scope of an attack. Remember that simply giving users access to the database through the network will introduce an element of risk. This chapter takes a look at SQL Server security from the outside in. You will learn about the different types of accounts and principals that are available. You will see how to control access to database objects, and how to encrypt and protect your data. This chapter also includes some guidelines for providing a secure solution for deploying and managing your SQL Server.

Because SQL Server 2008 is designed to work with Windows Server 2008, some ...

Get Beginning, Microsoft® SQL Server® 2008 Administration now with the O’Reilly learning platform.
