Contained Database Issues
• Security issues you have to be careful about
• Accessing other databases using the guest ...

Data Protection
• Cryptography Enhancements
• HASHBYTES supports SHA2 256 and 512 bits
  • Passwords hashed with SHA5...

Auditing
• Basic server auditing supported in all SQL Server editions!
• Database auditing only in Enterprise, Data...

Auditing
• Resilient to failure
• Can recover from failure to write to the log
  • From most file or network errors ...

Auditing
• Cap files without rollover
• Formerly could have either:
  • Indeterminate number of log files
  • Rollov...

Auditing
• User-defined audit events
• Write what you want to the audit log
• sp_audit_write
  • @user_defined_event_...

Auditing
• Filter audit events
• Built on extended events
• Pretty fine control over what gets written
• Use the WHER...

Auditing
• T-SQL stack frame information
• Determine if query from stored procedure or directly from application
• ...
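
The auditing features named on the slides above (capped file count, user-defined events written with sp_audit_write, a WHERE filter on the audit), combined in one added T-SQL example that is not part of the original deck. DemoAudit, DemoAuditSpec, the folder C:\SqlAudit\ and event id 1001 are constructed for illustration; the folder is assumed to exist and to be writable by the SQL Server service account.

```sql
-- Added example for SQL Server 2012 or later; not from the original slides.
-- DemoAudit, DemoAuditSpec, C:\SqlAudit\ and event id 1001 are constructed values.
-- GO is the batch separator used by sqlcmd and Management Studio.
USE master;
GO

-- Audit target with a hard cap on the number of files (MAX_FILES) instead of
-- rollover, and a WHERE predicate so only the chosen event id is recorded.
CREATE SERVER AUDIT DemoAudit
TO FILE (
    FILEPATH  = N'C:\SqlAudit\',   -- assumed to exist
    MAXSIZE   = 16 MB,
    MAX_FILES = 4                  -- once reached, no further files are created
)
WITH (ON_FAILURE = FAIL_OPERATION) -- failure policy chosen for this example
WHERE user_defined_event_id = 1001;
GO

ALTER SERVER AUDIT DemoAudit WITH (STATE = ON);
GO

-- User-defined events only reach an audit whose specification includes
-- USER_DEFINED_AUDIT_GROUP.
CREATE SERVER AUDIT SPECIFICATION DemoAuditSpec
FOR SERVER AUDIT DemoAudit
ADD (USER_DEFINED_AUDIT_GROUP)
WITH (STATE = ON);
GO

-- Application code writes its own record to the audit log.
EXEC sys.sp_audit_write
     @user_defined_event_id    = 1001,
     @succeeded                = 0,
     @user_defined_information = N'Constructed event: price change rejected by application rule';
GO

-- Read the records back. Audit writes are queued, so allow a moment before
-- querying. additional_information is the column to inspect for T-SQL stack
-- frame details when SQL Server records them for an event.
SELECT event_time,
       action_id,
       succeeded,
       server_principal_name,
       user_defined_event_id,
       user_defined_information,
       additional_information
FROM sys.fn_get_audit_file(N'C:\SqlAudit\*', DEFAULT, DEFAULT)
WHERE user_defined_event_id = 1001
ORDER BY event_time;
GO

-- Cleanup: both objects must be switched off before they can be dropped.
ALTER SERVER AUDIT SPECIFICATION DemoAuditSpec WITH (STATE = OFF);
DROP SERVER AUDIT SPECIFICATION DemoAuditSpec;
ALTER SERVER AUDIT DemoAudit WITH (STATE = OFF);
DROP SERVER AUDIT DemoAudit;
GO
```

With MAX_FILES reached and ON_FAILURE = FAIL_OPERATION, actions that would raise an audited event fail rather than proceed unaudited, so size the cap and monitor the folder accordingly.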

Learn More!
• This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!
• Learn more abou...
SQL Server: Security


Explore some of the best new security features in SQL Server.

Published in: Technology
  • DEMO: rest of section
  • Transcript of "SQL Server: Security"

    1. SQL Server: Security Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    2-6. Security in SQL Server 2012
        • Rebuilt security from the ground up in SQL Server 2005
        • New version builds on that new foundation
        • Will explore some of the best new security features
        • Are they enough to make an upgrade mandatory?
    7-17. What’s New in Security?
        • Not a lot, but it’s good
        • Security Management
        • Default schema for groups
        • User-defined server roles
        • Authentication
        • Contained databases
        • Data Protection
        • Encryption enhancements
        • Auditing
        • Lots of goodies for DBAs
    18-25. Security Management
        • Default schema for groups
        • Fixes a big hole
        • Avoids creating implicit schemas
        • Less chance of wrong schema in queries
        • Default schema for users solved a problem
        • But caused others
        • Allowing them for groups solves it
    26-37. Security Management
        • User-defined server roles
        • Server-level principal
        • Grant server-level permissions
        • Mix of GRANT and DENY permissions
        • T-SQL: CREATE/ALTER/DROP SERVER ROLE
        • Can only assign server-level permissions
        • Permissions needed
        • CREATE SERVER ROLE permission
        • IMPERSONATE on the server principal for logins
        • ALTER for server roles used as the server principal
        • Others if you assign server role ownership
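
The user-defined server role workflow listed on these slides, as an added T-SQL example that is not part of the original deck. DemoMonitorRole, DemoMonitorLogin and the password are constructed for illustration; run it on a test instance as a principal that holds CREATE SERVER ROLE and ALTER ANY LOGIN.

```sql
-- Added example for SQL Server 2012 or later; not from the original slides.
-- DemoMonitorRole, DemoMonitorLogin and the password are constructed values.

-- A throwaway SQL login to act as the role member.
CREATE LOGIN DemoMonitorLogin
    WITH PASSWORD = N'Constructed-Demo-Passw0rd!';  -- constructed, replace before use

-- The user-defined server role: a server-level principal that can hold
-- server-level permissions only.
CREATE SERVER ROLE DemoMonitorRole;

-- A mix of GRANT and DENY on the same role: monitoring rights are granted,
-- login management and shutdown are explicitly denied.
GRANT VIEW SERVER STATE   TO DemoMonitorRole;
GRANT VIEW ANY DEFINITION TO DemoMonitorRole;
DENY  ALTER ANY LOGIN     TO DemoMonitorRole;
DENY  SHUTDOWN            TO DemoMonitorRole;

ALTER SERVER ROLE DemoMonitorRole ADD MEMBER DemoMonitorLogin;

-- Review 1: every permission held by user-defined server roles.
SELECT r.name AS role_name,
       p.state_desc,
       p.permission_name,
       p.class_desc
FROM sys.server_principals  AS r
JOIN sys.server_permissions AS p
  ON p.grantee_principal_id = r.principal_id
WHERE r.type = 'R'
  AND r.is_fixed_role = 0
  AND r.name <> N'public'
ORDER BY r.name, p.permission_name;

-- Review 2: who is a member of each user-defined server role.
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.is_fixed_role = 0
ORDER BY r.name, m.name;

-- Review 3: effective permissions as seen by the member. This is where a
-- DENY inherited through the role becomes visible.
EXECUTE AS LOGIN = 'DemoMonitorLogin';
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE') AS can_view_server_state,
       HAS_PERMS_BY_NAME(NULL, NULL, 'ALTER ANY LOGIN')   AS can_alter_logins;
REVERT;

-- Cleanup: a server role cannot be dropped while it still has members.
ALTER SERVER ROLE DemoMonitorRole DROP MEMBER DemoMonitorLogin;
DROP SERVER ROLE DemoMonitorRole;
DROP LOGIN DemoMonitorLogin;
```

The two review queries against sys.server_permissions and sys.server_role_members are worth keeping as a periodic check, since user-defined server roles add a second place, besides the fixed roles, where server-level rights can accumulate.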
    38-46. Authentication
        • Contained databases
        • Can create a SQL user with a password
        • Windows user in database
        • Not associated with a login
        • Authenticate against contained database
        • Get a token for that database only
        • Security boundary is tightly scoped
        • If authentication fails at database, doesn’t fall back to duplicate login, if any
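
Creating and reviewing a contained database user as described on these slides, as an added T-SQL example that is not part of the original deck. ContainedDemo, DemoAppUser and the password are constructed for illustration; run it on a test instance as a sysadmin.

```sql
-- Added example for SQL Server 2012 or later; not from the original slides.
-- ContainedDemo, DemoAppUser and the password are constructed values.
-- GO is the batch separator used by sqlcmd and Management Studio.

-- Contained database authentication is switched on for the whole instance.
EXEC sys.sp_configure N'contained database authentication', 1;
RECONFIGURE;
GO

CREATE DATABASE ContainedDemo CONTAINMENT = PARTIAL;
GO

USE ContainedDemo;
GO

-- A SQL user with a password: authenticated by the database itself, with no
-- server login behind it. Clients must name ContainedDemo as the initial
-- catalog in the connection string to authenticate as this user.
CREATE USER DemoAppUser WITH PASSWORD = N'Constructed-Demo-Passw0rd!';
GO

-- Review 1: databases on this instance that accept database-level logons.
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;

-- Review 2: principals in the current database that authenticate here:
-- password users (authentication_type 2) and Windows users with no login of
-- the same SID (Windows group membership is not resolved by this query).
SELECT dp.name, dp.type_desc, dp.authentication_type_desc
FROM sys.database_principals AS dp
WHERE dp.authentication_type = 2
   OR (dp.authentication_type = 3
       AND NOT EXISTS (SELECT 1
                       FROM sys.server_principals AS sp
                       WHERE sp.sid = dp.sid));

-- Review 3: contained password users whose name duplicates a server login.
-- Authentication at the database does not fall back to such a login, so a
-- duplicate name is a source of confusing logon failures and of two separate
-- passwords to manage for what looks like one account.
SELECT dp.name      AS contained_user,
       sp.name      AS server_login,
       sp.type_desc AS login_type
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp
  ON sp.name = dp.name
WHERE dp.authentication_type = 2;
GO

-- Cleanup.
USE master;
GO
DROP DATABASE ContainedDemo;
GO
```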
    47-62. Contained Database Authentication [flowchart, built up one step per slide; node labels: Connection Request; Initial catalog specified?; Initial catalog contained?; Authentication type? (SQL Server / Windows); Matching user in database?; Password match?; Permission in database?; Authentication failure; Matching login or group?; Matching principal in database?; Server-level authentication]
    63. 63. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    64. 64. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    65. 65. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- Yes catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    66. 66. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial catalog Yes Initial catalog Yes Authent- ication * Authentication No Permis- sion in Yes specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    72. Contained Database Issues
        • Security issues you have to be careful about
        • Accessing other databases using the guest account
        • Duplicate logins
        • Increased access when containment status changes
        • Attaching a contained database
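A review script for the guest-account and duplicate-login issues listed above. This is an added example, not part of the course material; it uses only documented catalog views, and the database name `SalesContained` is an assumption.

```sql
-- Added example, not from the course. SalesContained is a hypothetical database name.

-- 1. Is contained database authentication enabled on the instance?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2. Which databases are contained (containment <> 0 means PARTIAL)?
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;
GO

-- 3. Inside a contained database: list users that authenticate at the database
--    (authentication_type = 2, DATABASE) and flag any whose name also exists as a
--    SQL Server login. That is the "duplicate logins" case: the same name can then
--    be authenticated in two different places.
USE SalesContained;
GO
SELECT dp.name                     AS contained_user,
       dp.type_desc,
       dp.authentication_type_desc,
       sp.name                     AS server_login_with_same_name
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.name COLLATE DATABASE_DEFAULT = dp.name COLLATE DATABASE_DEFAULT
      AND sp.type = 'S'            -- SQL Server logins only
WHERE dp.authentication_type = 2
ORDER BY dp.name;
GO

-- 4. Run in each of the other databases on the instance: does guest hold CONNECT?
--    A contained user has no login, so guest is the route by which it could reach
--    another database. An empty result means guest cannot connect here.
SELECT DB_NAME()           AS database_name,
       pe.state_desc,
       pe.permission_name
FROM sys.database_permissions AS pe
WHERE pe.class = 0                                        -- database-level permission
  AND pe.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'guest')
  AND pe.permission_name = N'CONNECT'
  AND pe.state IN ('G', 'W');                             -- GRANT or GRANT WITH GRANT OPTION
GO
```

Where step 4 returns a row in a user database that does not need guest access, `REVOKE CONNECT FROM guest;` closes it; master and tempdb require guest and cannot have it disabled.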
    80. Data Protection
        • Cryptography Enhancements
        • HASHBYTES supports SHA2 256 and 512 bits
        • Passwords hashed with SHA512
        • RC4 is deprecated, supported only when compatibility set to 90 or 100. Don’t use it!
        • Maximum certificate key length increased to 4,096 from 3,456
        • Service and database master keys now use AES instead of Triple-DES (for backups too)
        • FROM BINARY option on CREATE CERTIFICATE
    88. Auditing
        • Basic server auditing supported in all SQL Server editions!
        • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions
        • No longer need to rely on SQLTrace
        • Multiple audits and targets
        • Better performance
        • Persist state
        • Audit resilience
    95. Auditing
        • Resilient to failure
        • Can recover from failure to write to the log
        • From most file or network errors
        • Wee bit better than shutdown on failure!
        • FAIL_OPERATION option for the ON_FAILURE event in CREATE SERVER AUDIT
        • If problem with audit initiation at startup, server instance won’t start
    104. Auditing
        • Cap files without rollover
        • Formerly could have either:
            • Indeterminate number of log files
            • Rollover after predefined number of files
        • Now can cap without rolling over
        • Control amount of information without losing audit records
        • MAX_FILES option on CREATE SERVER AUDIT
        • Blocks and rolls back operations until clear
    111. Auditing
        • User-defined audit events
        • Write what you want to the audit log
        • sp_audit_write
            • @user_defined_event_id
            • @succeeded
            • @user_defined_info (custom string)
    116. Auditing
        • Filter audit events
        • Built on extended events
        • Pretty fine control over what gets written
        • Use the WHERE clause on the CREATE SERVER AUDIT statement
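The four auditing features from the slides above (ON_FAILURE = FAIL_OPERATION, MAX_FILES, sp_audit_write, and the WHERE filter) combined in one server audit. This is an added example, not part of the course material; the audit and specification names, the folder `D:\SqlAudit\`, and event id 1001 are assumptions.

```sql
-- Added example, not from the course. Audit_AppEvents, AuditSpec_AppEvents,
-- D:\SqlAudit\ and event id 1001 are assumed names and values.
USE master;
GO

-- File target capped at 10 files of 50 MB. MAX_FILES does not roll over: once the
-- cap is reached, actions that would generate further audit records fail with an
-- error instead of overwriting older records.
-- ON_FAILURE = FAIL_OPERATION fails only the audited action when the record cannot
-- be written; the alternatives are SHUTDOWN and CONTINUE.
-- The WHERE predicate keeps only the user-defined event id this application emits.
CREATE SERVER AUDIT Audit_AppEvents
TO FILE (
    FILEPATH = N'D:\SqlAudit\',
    MAXSIZE = 50 MB,
    MAX_FILES = 10,
    RESERVE_DISK_SPACE = OFF
)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = FAIL_OPERATION)
WHERE user_defined_event_id = 1001;
GO

-- sp_audit_write only produces records while USER_DEFINED_AUDIT_GROUP is audited.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_AppEvents
FOR SERVER AUDIT Audit_AppEvents
ADD (USER_DEFINED_AUDIT_GROUP)
WITH (STATE = ON);
GO

ALTER SERVER AUDIT Audit_AppEvents WITH (STATE = ON);
GO

-- Application code writes its own event. The documented name of the custom-string
-- parameter is @user_defined_information.
EXEC sys.sp_audit_write
    @user_defined_event_id    = 1001,
    @succeeded                = 0,
    @user_defined_information = N'Constructed sample: customer export denied by policy';
GO

-- Read the records back. additional_information holds the T-SQL stack frame as XML
-- for actions that have one, which shows whether the call came from inside a module.
SELECT event_time,
       action_id,
       succeeded,
       server_principal_name,
       user_defined_event_id,
       user_defined_information,
       additional_information
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time;
GO
```

With QUEUE_DELAY = 1000 the record can take about a second to reach the file, so an immediate read may come back empty.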
    120. Auditing
        • T-SQL stack frame information
        • Determine if query from stored procedure or directly from application
        • See the nested frame for the query
    125. Learn More!
        • This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!
        • Learn more about SQL Server on SlideShare: SQL 2012: Development & Programming
