Chapter 8
Securing the Database Instance
WHAT’S IN THIS CHAPTER?
- SQL Server Authentication Types
- Windows Authentication Types
- Authorizing Object Level Security
- Maintaining Row Level Security
Security of a Microsoft SQL Server instance is probably one of the least sexy topics out there today. And unfortunately that will probably remain the case for many years to come, if not forever. However, properly securing the database instance is extremely important, because without a properly secured instance there is no way to guarantee that the data stored within the SQL Server instance is the data expected to be in the instance. Changes that an attacker could make to the data within an instance of SQL Server range from something as small as changing names, to changing the prices that customers are charged for products, to injecting JavaScript code or HTML, which is then served to customers or employees via their web browser and executes unexpected code on their machine. These changes could be minor; more than likely, however, they could install some sort of dangerous application on the user’s computer, such as a Trojan horse or key logger. So in reality, anything can happen, and it is best to be prepared for all scenarios.
AUTHENTICATION TYPES
There are two ways to connect to the Microsoft SQL Server instance: via SQL Server authentication and via Windows authentication. When SQL Server is installed, there is an option to select whether the SQL Server instance should support Windows authentication ...