K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

This Blog

Home

Syndication

Search

News

About Me

K. Brian Kelley
SQL Server Columnist/Author

E-mail: kbriankelley
at acm dot org

View Brian Kelley's profile

Navigation

Browse by Tags

All Tags » web security (RSS)

Security by Obscurity?

Andy Warren points to a TechNet article about Security by Obscurity and wanted me to post some notes. Let's start with the example they used. Rename the Administrator account: I agree with Roger's take. We intentionally rename the administrator...

Posted 04 June 2008 10:52 by bkelley | with no comments

Filed under: Security, database security, SQL Server security, Windows security, web security

Security Issue with SQL Server Reporting Services 2008

I have a CTP of SSRS 2008 deployed to one of my servers. Today I built a couple of reports and from one of my systems, they all tested fine. However, this system, because it is a testing server, doesn't receive the Group Policy Object (GPO) controlling...

Posted 30 May 2008 14:57 by bkelley | with no comments

Filed under: SQL Server 2005, Security, SQL Server 2008, Microsoft SQL Server, SQL Server security, SQL Server Reporting Services, web security

Recent slate of IIS attacks - more info

The recent slate of attacks on IIS servers don't seem to be an attack directly against IIS or against SQL Server itself. In other words, they aren't going after vulnerabilities in the server product (either one). Rather, the attacks are targeting...

Posted 26 April 2008 08:08 by bkelley | with no comments

Filed under: Security, SQL Server, SQL Server security, SQL Injection, web security, IIS