Chapter 19. Feeling Secure
There are probably as many ideas on security as there are programmers. It's one of those things where there isn't necessarily a right way to do it, but there are definitely plenty of wrong ones.
The first thing to understand about security is that there is no such thing as a totally secure application. If you can make it secure, rest assured that someone, somewhere, can defeat your efforts and "hack" into the system. Even with this knowledge, the goal still needs to be to keep unwanted intruders out of your system. The good news about security is that, in most instances, you can fairly easily make it such a hassle that 99.999 percent of people out there won't want to bother with it. For the other .001 percent, I can only encourage you to make sure that all your employees have a life so they fall into the 99.999 percent. The .001 percent will hopefully find someplace else to go.
SQL Server 2005 marked the start of a very concerted effort by Microsoft to raise the level of security in SQL Server. Those of you who have been around long enough may remember the hubbub surrounding the "Slammer" virus during the SQL Server 2000 lifespan. Microsoft radically altered the security profile of SQL Server in a service pack that followed the Slammer scare, but SQL Server 2005 marked the first full release after the advent of the Slammer virus, and it was just the beginning of a series of features not so much focused just around deterring hackers as a ...