Friends, the MidnightDBAs have a plan for 2022. A capital-P Plan. And it involves writing and teaching a lot. The plan for January 2022 is a focus on SQL Server security. We’ve already collaborated and published one blog over at MinionWare.net: UNDERSTANDING SQL SERVER SECURITY: Secure xp_cmdshell with the Microsoft Master’s guide (in 4 not-so-easy […]
Category: Security
Prevent the next data breach – a MinionWare snippet
Dozens of major data breaches have occurred in the last fifteen years. Each one illustrates the massive cost – both in dollars and in reputation – of lax security. Consider: Uber in 2016 – Hackers downloaded more than 25 million drivers’ and customers’ personal information; the cover-up and resulting claims alone cost $148 million. Equifax […]
XP_CmdShell isn’t Evil
Bonus summary: xp_cmdshell is limited to admins, unless you specifically grant permissions to users. And if you’re an admin, you have the power to turn on and use xp_cmdshell anyway. Xp_cmdshell is not a security hole. This is a reprint of Sean McCown’s original post on DBARant. You know, reprinted with permission and all that. I’ve […]