Good Question! This is one of those error messages that you will eventually encounter in SQL Server if you work with it enough. A login’s default database is a delicate thing that will prevent them from being able to logon if there is a problem. The default database defines which database the user will be automatically logged into if they ...

This is a problem that plagues DBAs everywhere. When you restore a database, you run the risk of orphaning the users in the database. All users are linked via a SID to a login and if you have SQL Server logins, who’s SIDs are managed by SQL Server, you are at risk. Typically a restore to the same server from which the backup was taken ...

They have been around forever, but have you really ever implemented Application Roles in SQL Server? For that matter, do you really know what they are and how to use them? In this short tip, I hope to explain just that. First off, we need to talk briefly about how application security can be implemented in SQL Server. There is some debate over ...

You ever find yourself with the need to copy SQL Server logins from one server to another? Maybe you are setting up a failover site, building a replacement server, setting up a reporting instance, or maybe you just want to backup the logins just in case. If you are using Windows Logins, this is a simple matter of scripting the login and applying ...

I've run into this problem again and again. Sometimes I've had luck in convince clients that if a 3rd-party application is hard-coded to use SA is shouldn't even be considered. Sometimes not. With all of the issues that have come up with the SA account over the last 10 years, I find it inexcusable that vendors still hard-code their application to ...

First, my background is mainly in ESRI ArcGIS Desktop. I have just started using Microsoft SQL Server 2005. I have created a new database using the ArcSDE Post-Install software. The database is an enterprise sde database. My problem is assigning users to the database and defining their roles within the database. As the database administrator I ...

There is a patch available for four elevation of privilege vulnerabilities recently discovered in SQL Server.From http://www.microsoft.com/technet/security/bulletin/ms08-Jul.mspx:This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete ...

Remember the post by Aaron Bertrand titled Call a spade a spade! (SQL injection, or IIS vulnerability?)? Microsoft has released 3 tools that deal with this SQL injection. These three tools include HP Scrawlr , UrlScan version 3.0 Beta , and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within ...

As a DBA I have always used stored procedures to access database data for the myriad of reasons that we all are aware of. My current project has made the decision to forgo stored procedures and access data directly from the underlying tables by means of JPA. I understand the concept of persistence, but I have seen any analysis that addresses my ...

I found this SQL Server Testing (not unit but vulnerability) page and decided I would post a link to it since it has some useful stuff. The link is below http://www.owasp.org/index.php/Testing_for_SQL_Server Here is what is covered. Enjoy (or live in fear over the weekend) 1 Brief Summary 2 Short Description of the Issue 3 Black Box testing and ...