SQL Server security is a broad subject area, with enough potential avenues of exploration that entire books have been written on the topic. This chapter's goal is not to cover the whole spectrum of security knowledge necessary to create a product that is secure from end to end, but rather to focus in on those areas that are most important during the software design and development process.

By and large, data security can be broken into two areas: authentication is the act of verifying the identity of a user to a system that controls resources, and authorization is the act of giving the user access to those resources. These two realms can be delegated separately in many cases; as long as the authentication ...