SQL Server Security Distilled, Second Edition
| 1969-12-31 00:00:00 | | 0 | SQL Server
SQL Server is the dominant relational database in the Windows market and data security is a huge and growing concern for all businesses. Securing SQL Server is one of the most important responsibilities of the SQL Server professional.
SQL Server Distilled, Second Edition is a very carefully researched, clearly explained book on securing SQL Server, by an author who knows SQL Server inside and out. If you follow the practical guidelines that are clearly set out in this book, then you stand a very good chance of making sure that the data stored in your database is secure and that the conversation between your applications and the database is secure (preventing SQL injection attacks, etc.). For example, any DBA who implemented the security precautions detailed in the book would not have been affected by the infamous Slammer virus.
This second edition offers practical advice on how to implement good practices that will ward off future viruses before they are even created, and it contains new content that reflects all updates to SQL Server's security mechanisms.
User review
Very good book, i wish there is one book for 2005
It is good book for 6.5, 7.0 and 2000. But it does not cover 2005 i think manily because it is old publication.
Still reading some more chapter, after that i will review my review!
User review
A holistic approach to security
If you are responsible for a SQL Server database, can you afford not to think about security? Of course not. And this book definitely puts you on the right track. It offers a great great and encompassing view of the issues we as IT professionals face when it comes to SQL Server Security. It's not the same old best practices, rather it explains the why's behind the how's.
User review
Good book, but nothing extraordinary
This is a good book on security and covers most of the SQL security issues. It even goes in depth in describing the SQL security at the network layer. But if you already know that you should use Windows authentication, not use SA or other SQL accounts, stay away from port 1433, and regularly update SQL security patches, then you probably won't benefit substantially by reading this book. Nevertheless, it provides a comprehensive review of the SQL security.
User review
A Note from the Author
I spent just under 2 years doing the research for this book. In terms of breadth of coverage, there is no better book on the market. Rather than searching Microsoft's mammoth site for articles and white papers, everything you need to understand SQL Server security from version 6.5 to 2000 is in one book.
This book also goes deeper than the basic introduction to the various security mechanisms. Many books will tell you what SQL Server offers, but very few provide detailed information on *how* and *why* it works the way it does. Each chapter provides insights into the inner workings of SQL Server's security architecture and provides practical advice on how to use that information to keep your systems safe.
There are some other books that focus on showing you `hackers' tricks` for attacking your database servers, but this book takes the premise that if you do things the right way from the beginning, no hacker is ever going to find a trick that works on your systems. As an example, this book recommended configuring firewalls to block the traffic used by the Spammer virus long before the virus became news. Those who read this book and followed its advice slept soundly the weekend that Spammer was taking the Internet down.
Since the future of Curlingstone is in doubt, support for the book has moved to www.,.,,,com, and the author is not only committed to maintaining the current work but also planning to release an interim update in electronic format in the fall covering changes in SQL Server 2000 Service Pack 3 and any new discoveries found since December, 2002. The author also plans to release additional chapters on Yukon early next year for early adopters. This book is alive and will be updated periodically to keep its readers safe from the bad guys.
User review
Excellent Security Reference
I've been working with SQL Server for 11 years and run SQL Server Central.
And I learned a bunch from this book. This is one of the best references on SQL Server Security that I have seen written and I recommend it highly to every SQL Server DBA.
The book is written to cover versions 6.5, 7.0, and 2000. And it does a great job with each. It starts by looking at the way that logins are authenticated by the server. Great detail is given, even to the point of examining network sniffer traces to show how the communication occurs between the client and server.
From there, the database security is examined with separate chapters for v6.5 and 7/2000 since they work differently. Not only is the process explained, but the author notes where there are bugs and unforseen consequences of assigning security in certain ways.
The early chapters provide insight into how security works in SQL Server. The later chapters build on this to give hints and suggestions for implementing security in your applications, DTS, replication, and even SQL Server CE.
Overall, this is a must read for SQL Server DBAs. Developers will benefit as well since a thorough understanding can solve a great many problems and prevent even more.