SQL Server Security Basics




     Learn More @ http://www.learnnowonline.com
        Copyright © by Application Developers Training Company
Objectives
• Understand potential data threats and how SQL Server’s design protects against them
• Learn about SQL Server and Windows integrated authentication
• See how SQL Server provides an authorization system to control access to data and objects

Agenda
• Security Overview
• Authentication
• Authorization




Security Overview
• Relational data is a tempting target for attackers
• SQL Server 2008 provides plenty of features to secure your data and server
  • Need to understand the threats
  • Match countermeasures to the threats




The Threats
• Identifying threats is a critical first step
  • Type of data will probably influence security measures
• Sometimes the best way to protect data is to never put it in a database
• Typical threats
  • Theft of data
  • Data vandalism
  • Protecting data integrity
  • Illegal storage
• Understand threats to protect against them
Security Design Philosophy
• Trustworthy Computing memo, 2002
• Four pillars of security design
  • Secure by design
  • Secure by default
  • Secure in deployment
  • Secure through communications
• “It’s just secure”
  • Implications throughout the product
  • SQL Server is reasonably secure out of the box
  • Your job is to keep it secure

The Two Stages of Security
• Similar to Windows security
  • Authentication: who are you?
  • Authorization: now that we know who you are, what can you do?




Key SQL Server Security Terms
• Authentication
• Authorization
• Group
• Impersonation
• Login
• Permission
• Principal
• Privilege
• Role
• User




Agenda
• Security Overview
• Authentication
• Authorization




Authentication
• Process of verifying that a principal is who or what it claims to be
  • SQL Server has to uniquely identify principals in order to authorize
• Two paths to authentication
  • Windows authentication
  • SQL Server authentication
• Authentication modes
  • Mixed Mode Authentication
  • Windows Only Authentication Mode


Windows Integrated
• SQL Server assumes a trust relationship with Windows Server
  • Windows does the heavy lifting for authentication
  • SQL Server checks permissions on the principal
• Advantages
  • Single user login
  • Auditing features
  • Simplified login management
  • Password policies
• Changes only take effect when the user connects
Configuring SQL Server Security Settings
• Select either mode at install time or later
• Settings apply to all databases and server objects in an instance of SQL Server
• Changing modes after installation may or may not cause problems
  • Windows to Mixed
  • Mixed to Windows


SQL Server Authentication
• Client applications must provide login credentials as part of connection string
• Logins stored in SQL Server
• Windows authentication stronger
  • But must use SQL Server authentication with old versions of Windows, non-Windows systems



Windows and SQL Server Logins
• SQL Server logins are not stored in Windows
  • Disabled if you select Windows authentication
• Mixed mode is much more flexible
  • But less secure




Beware of the sa Login
• System administrator login
• Mapped to sysadmin fixed server role
• Conveys full system administrator privileges
• Cannot modify or delete
• Must use a strong password!
• Use only as access of last resort
• NEVER use sa for database access through client applications
Password Policy and Enforcement
• Before SQL Server 2005, no enforcement of passwords for SQL Server logins
  • No minimum strength
  • No expiration policy
• SQL Server now hooks into Windows password policy
  • Windows Server 2003, Vista, and later versions
  • NetValidatePasswordPolicy API method
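The authentication slides above (the two authentication modes, the sa login and password-policy enforcement) in working T-SQL. This is an added example, not code from the original deck; it assumes a sysadmin session on SQL Server 2005 or later, and the login names CONTOSO\ReportingApp and app_reporting and the password literal are placeholders.

```sql
-- Added example, not from the original deck: check the authentication mode,
-- create a login on each of the two authentication paths, let Windows enforce
-- the password policy, and keep sa out of application use.
-- Assumptions: run as a sysadmin on SQL Server 2005 or later; the names
-- CONTOSO\ReportingApp and app_reporting and the password are placeholders.

-- 1. Authentication mode of the instance: 1 = Windows Only, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_only_mode;

-- 2. Windows authentication path: SQL Server stores no password at all;
--    Windows validates the principal and SQL Server only maps it to a login.
CREATE LOGIN [CONTOSO\ReportingApp] FROM WINDOWS;

-- 3. SQL Server authentication path, for clients that cannot use Windows
--    authentication (this login is only usable when the instance is in
--    Mixed Mode). CHECK_POLICY = ON hands the password to the Windows policy
--    (the NetValidatePasswordPolicy API named on the slide), so minimum
--    strength is enforced; CHECK_EXPIRATION = ON adds the expiration rule.
CREATE LOGIN app_reporting
    WITH PASSWORD = 'Replace-With-A-Strong-Passphrase-1!',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = master;

-- 4. Review: SQL logins created with the policy checks switched off are the
--    pre-2005 situation the slide describes, so list them for follow-up.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;

-- 5. sa cannot be dropped and is always a member of sysadmin; disabling it
--    stops any client application from connecting with it while leaving it
--    available (re-enable it) as the access of last resort.
ALTER LOGIN sa DISABLE;

-- 6. Verify by SID rather than by name: sa always has SID 0x01.
SELECT name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;
```

Step 4 is the query worth scheduling: a login created with CHECK_POLICY = OFF silently opts out of the Windows policy, and the catalog view is the only place that shows it.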
Contained Databases
• Not a security feature per se
  • But introduces a new authentication scheme
• Solves the problem of moving databases
  • Past: move the database plus its external dependencies
  • Contained databases solve the associated problems


Contained Databases
• Can create a SQL user with a password
• Windows user in database
• Not associated with a login
• Authenticate against the contained database
  • Get a token for that database only
  • Security boundary is tightly scoped
• If authentication fails at the database, doesn’t fall back to duplicate login, if
Contained Databases Authentication

[Flowchart: Contained Databases Authentication. Nodes, in order: Connection Request → "Initial catalog specified?" (No → Server-level authentication) → "Initial catalog contained?" (No → Server-level authentication) → "Authentication type?". SQL Server branch: "Matching user in database?" → "Password match?" (No → Authentication failure) → "Permission in database?". Windows branch: "Matching login or group?" → "Matching principal in database?" → "Permission in database?". Terminal outcomes shown: Server-level authentication, Authentication failure, Database authentication (reached when every check passes).]
Agenda
• Security Overview
• Authentication
• Authorization




Authorization
• Principals: user or process allowed to
  access securable objects
• Securables: protected resource
• Permissions: type of access




Principals
 • Windows-level principals
   • Windows Domain Login
   • Windows Group
   • Windows Local Login
 • SQL Server-level principals
   • SQL Server Login
   • SQL Server Login mapped to a certificate
   • SQL Server Login mapped to a Windows login
   • SQL Server Login mapped to an asymmetric key
 • Database-level principals
   •   Application Role
   •   Database Role
   •   Database User
   •   Database User mapped to a certificate
   •   Database User mapped to a Windows login
   •   Database User mapped to an asymmetric key
   •   Public Role


Principals
• Scope of a principal determines scope of
  permission
• Principal can be a login, user, or role
  • Roles are analogous to Windows groups
  • Users in role inherit role’s permissions
  • Simplify security management
• Types of roles
  • Fixed server roles
  • User-defined server roles
  • Fixed database roles
  • User-defined database roles
Fixed Server Roles
• Cannot be altered, and new ones cannot be added;
  the only change allowed is adding logins to a role
• Server roles
  •   System administrator
  •   Bulk insert administrator
  •   Database creator
  •   Disk administrator
  •   Process administrator
  •   Server administrator
  •   Setup administrator
  •   Security administrator

User-Defined Server Roles
• Long awaited security feature
  • Long have had user-defined database
    roles
  • But nothing at the server level
• Previously, the only way to grant some
  permissions was through a fixed server
  role
• SQL Server 2012 solves these problems

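The least-privilege pattern the slide alludes to, as an added T-SQL example that is not part of the original deck: instead of placing a monitoring account in a fixed server role such as sysadmin to obtain one server-level permission, a user-defined server role (SQL Server 2012 and later) carries exactly that permission. The role name monitoring_readers and the Windows login CONTOSO\MonitorSvc are constructed for the example.

```sql
-- Added example, not from the slide deck. Constructed names:
-- server role monitoring_readers, Windows login CONTOSO\MonitorSvc.

-- Before user-defined server roles existed, an account that needed only
-- VIEW SERVER STATE was often added to sysadmin or serveradmin and
-- received far more than it needed. A custom server role holds just the
-- permissions the monitoring tool requires.
CREATE SERVER ROLE monitoring_readers;
GRANT VIEW SERVER STATE TO monitoring_readers;
GRANT VIEW ANY DEFINITION TO monitoring_readers;

-- Windows-level principal mapped to a SQL Server login, then made a member.
CREATE LOGIN [CONTOSO\MonitorSvc] FROM WINDOWS;
ALTER SERVER ROLE monitoring_readers ADD MEMBER [CONTOSO\MonitorSvc];

-- Check 1: what does the custom role actually hold? Server-scope grants
-- are recorded in sys.server_permissions.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'monitoring_readers';

-- Check 2: who is in sysadmin? With the custom role in place the
-- monitoring account should not appear in this list.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r
    ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m
    ON m.principal_id = srm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;
```

The second query is worth running periodically on any instance: fixed server role membership is the permission set that cannot be trimmed, so every member of sysadmin should be a deliberate decision.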
Fixed Database Roles
• Control authorization within a database
• Configure each database individually
• Database roles
   •   db_accessadmin
   •   db_backupoperator
   •   db_datareader
   •   db_datawriter
   •   db_ddladmin
   •   db_denydatareader
   •   db_denydatawriter
   •   db_owner
   •   db_securityadmin



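The principal hierarchy from the two preceding slides (a server-level login, a database-level user mapped to it, and roles that members inherit permissions from) and the fixed database role slide above, worked through as an added T-SQL example that is not part of the original deck. The database SalesDb, schema Sales, table Sales.Orders, logins ReportingApp and CONTOSO\Analyst, and role report_readers are all constructed names.

```sql
-- Added example, not from the slide deck. Constructed names:
-- database SalesDb, schema Sales, table Sales.Orders, logins ReportingApp
-- and CONTOSO\Analyst, user-defined database role report_readers.

-- 1. Server-level principals. CHECK_POLICY subjects the SQL login to the
--    Windows password policy; the second login is a Windows domain account.
CREATE LOGIN ReportingApp
    WITH PASSWORD = '<placeholder-strong-password>', CHECK_POLICY = ON;
CREATE LOGIN [CONTOSO\Analyst] FROM WINDOWS;
GO

USE SalesDb;
GO

-- 2. Database-level principals mapped to the logins. Permissions inside the
--    database are granted to the user, never to the login.
CREATE USER ReportingApp FOR LOGIN ReportingApp;
CREATE USER [CONTOSO\Analyst] FOR LOGIN [CONTOSO\Analyst];

-- 3. A user-defined database role scoped to what the application needs:
--    read-only access to one schema. The user inherits it through membership.
CREATE ROLE report_readers;
GRANT SELECT ON SCHEMA::Sales TO report_readers;
ALTER ROLE report_readers ADD MEMBER ReportingApp;

-- 4. A fixed database role for the analyst. db_datareader grants SELECT on
--    every user table and view in the database, so it is broader than the
--    custom role above; use it only when that breadth is intended.
ALTER ROLE db_datareader ADD MEMBER [CONTOSO\Analyst];

-- 5. Check: who is a member of which role? Membership is the source of
--    every inherited permission, so this is the first thing to audit.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
    ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
    ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;

-- 6. Check: effective permissions as the application user sees them.
--    HAS_PERMS_BY_NAME returns 1 when the caller holds the permission and
--    0 when it does not; ReportingApp has no direct grants, so anything it
--    can do arrives through report_readers.
EXECUTE AS USER = 'ReportingApp';
SELECT HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'INSERT') AS can_insert;
REVERT;
```

Granting to roles rather than to individual users is what makes the deck's "simplify security management" point concrete: revoking access later is a single ALTER ROLE ... DROP MEMBER, and the membership query shows the complete picture without reading every GRANT.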
The Public Role
• Every database user is a member of this
  role
• Be very careful about granting
  permissions to it
• Normally restrict the permissions granted
  to this role



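A way to act on the warning in the slide above, as an added T-SQL example that is not part of the original deck: list what has been granted to public on user-created objects (everyone who can reach the database inherits it), then move any such grant to a role with known membership. SalesDb, Sales.Orders and order_readers are constructed names.

```sql
-- Added example, not from the slide deck. Constructed names:
-- database SalesDb, table Sales.Orders, role order_readers.
USE SalesDb;
GO

-- Every database user is a member of public, so a permission granted to
-- public is effectively granted to every user of the database. This lists
-- object-level permissions held by public on objects that are not
-- Microsoft-shipped, i.e. the ones an administrator granted.
SELECT dp.state_desc,
       dp.permission_name,
       dp.class_desc,
       SCHEMA_NAME(o.schema_id) + '.' + o.name AS securable,
       o.type_desc
FROM sys.database_permissions AS dp
JOIN sys.objects AS o
    ON o.object_id = dp.major_id
WHERE dp.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
  AND dp.class_desc = 'OBJECT_OR_COLUMN'
  AND o.is_ms_shipped = 0
ORDER BY securable, dp.permission_name;

-- Schema-, database- and other non-object permissions held by public are
-- not visible through the join above; this second query catches them.
SELECT dp.state_desc, dp.permission_name, dp.class_desc, dp.major_id
FROM sys.database_permissions AS dp
WHERE dp.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
  AND dp.class_desc <> 'OBJECT_OR_COLUMN';

-- Remediation pattern for a finding: grant the same permission to a role
-- whose membership is deliberate, then take it away from public.
CREATE ROLE order_readers;
GRANT SELECT ON OBJECT::Sales.Orders TO order_readers;
REVOKE SELECT ON OBJECT::Sales.Orders FROM public;
```

Run the two queries against each database: since the slide notes that fixed database roles are configured per database, a grant to public in one database says nothing about the others.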
The dbo (Database Owner) Role
• Mapped to sysadmin fixed server role
• Not related to db_owner role




User-Defined Database Roles
• Standard role
• Application role




Securable Objects
• Protected resource that you can control
  access to
• Physical object or action




Securable Objects
• Server scope
  • Database
  • Endpoint
  • Remote Binding
  • Route
  • Server Role
  • SQL Server Login
• Database scope
  • Application Role
  • Assembly
  • Asymmetric Key
  • Certificate
  • Database user
  • Fixed Database Role
  • Full-Text Catalog
  • Message Type
  • Schema
  • Service
  • Service Contract
  • Symmetric Key
• Schema scope
  • Default
  • Function
  • Procedure
  • Query Stats
  • Queue
  • Rule
  • Synonym
  • Table
  • Trigger
  • Type
  • View
  • XML Schema Collection



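How the three scopes in the slide above interact when permissions are granted, as an added T-SQL example that is not part of the original deck: a GRANT at schema scope covers every object beneath it, a DENY at a narrower scope overrides a GRANT at a wider one, and the scope of each permission is visible in the catalog. SalesDb, schema Sales, tables Sales.Orders and Sales.CustomerPayments, column CardNumber, role report_readers and user ReportTester are constructed names.

```sql
-- Added example, not from the slide deck. Constructed names:
-- database SalesDb, schema Sales, tables Sales.Orders and
-- Sales.CustomerPayments, column Sales.Orders.CardNumber,
-- role report_readers, test user ReportTester.
USE SalesDb;
GO

-- Securables nest: Server > Database > Schema > Object. A permission granted
-- at schema scope applies to every table, view and procedure in the schema,
-- including objects created later.
CREATE ROLE report_readers;
GRANT SELECT ON SCHEMA::Sales TO report_readers;

-- A DENY at a narrower scope takes precedence over a GRANT at a wider one,
-- so the schema stays readable except for one sensitive table.
DENY SELECT ON OBJECT::Sales.CustomerPayments TO report_readers;

-- Column scope is the narrowest. Denying one column keeps the rest of the
-- table readable. (Note the documented exception in the other direction: a
-- column-level GRANT is not overridden by a table-level DENY, so express
-- restrictions as DENY at the narrow scope, not GRANT at the narrow scope.)
DENY SELECT ON OBJECT::Sales.Orders (CardNumber) TO report_readers;

-- Check 1: the catalog records the scope of each permission as a class.
-- Expect one SCHEMA row (the GRANT) and two OBJECT_OR_COLUMN rows (the
-- DENYs); minor_id is non-zero only for the column-level entry.
SELECT dp.class_desc, dp.state_desc, dp.permission_name,
       dp.major_id, dp.minor_id
FROM sys.database_permissions AS dp
WHERE dp.grantee_principal_id = DATABASE_PRINCIPAL_ID('report_readers')
ORDER BY dp.class_desc, dp.major_id, dp.minor_id;

-- Check 2: effective permissions for a member of the role. A user WITHOUT
-- LOGIN exists only in the database, which is convenient for testing.
CREATE USER ReportTester WITHOUT LOGIN;
ALTER ROLE report_readers ADD MEMBER ReportTester;

EXECUTE AS USER = 'ReportTester';
-- fn_my_permissions lists what the current user may do on a securable;
-- for Sales.Orders, SELECT appears for every column except CardNumber.
SELECT entity_name, subentity_name, permission_name
FROM fn_my_permissions('Sales.Orders', 'OBJECT');
-- For the denied table no SELECT row is returned at all.
SELECT entity_name, subentity_name, permission_name
FROM fn_my_permissions('Sales.CustomerPayments', 'OBJECT');
REVERT;
```

Granting at schema scope and denying at object or column scope is the usual way to keep a permission set short while still carving out sensitive data; the catalog query above is how to confirm that what is actually stored matches that intent.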
Learn More!
• This is an excerpt from a larger course. Visit
  www.learnnowonline.com for the full details!


• Learn more about SQL Server on SlideShare
   A Tour of SQL Server




  • 43. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Windows Matching login or group? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 44. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Windows Matching Matching Yes principal login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 45. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 46. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 47. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- Yes catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 48. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial catalog Yes Initial catalog Yes Authent- ication * Authentication No Permis- sion in Yes specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
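As an added example that is not part of the deck, the T-SQL below builds a partially contained database with a contained user, so that a connection naming that database as its initial catalog takes the "database authentication" branch of the flow above, and then shows the catalog views that reveal which path a principal or a live session used. SQL Server 2012 or later is assumed; the database, schema, user and password are placeholders.

```sql
-- Added example, not from the deck. Placeholder names throughout.

-- Contained database authentication is off by default at the instance level;
-- without it a contained database is still created but nobody can log in to it.
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
GO

-- "Initial catalog contained?" = Yes requires a contained database.
CREATE DATABASE ContainedDemo CONTAINMENT = PARTIAL;
GO
USE ContainedDemo;
GO

-- A contained SQL user: the password hash lives in this database, there is no
-- server login. "Matching user in database?" = Yes and "Password match?" are
-- both evaluated here rather than in master.
CREATE USER app_reader WITH PASSWORD = 'Placeholder-P@ssw0rd-change-me';
GO

-- Something for the user to reach inside the database only.
CREATE SCHEMA app;
GO
CREATE TABLE app.Orders (OrderId int NOT NULL PRIMARY KEY, Amount money NOT NULL);
GRANT SELECT ON SCHEMA::app TO app_reader;
GO

-- Which branch will each principal take?
--   DATABASE = contained user  -> database authentication
--   INSTANCE = mapped to a server login -> server-level authentication
-- For Windows principals, remember the flow above: a matching server login or
-- group wins, so a contained Windows user is only used when no login matches.
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE type IN ('S', 'U', 'G') AND principal_id > 4;   -- skip dbo, guest, sys, INFORMATION_SCHEMA

-- For live sessions: authenticating_database_id is 0 for a login that passed
-- server-level authentication and the database id for a contained user.
SELECT s.session_id, s.login_name, s.authenticating_database_id,
       DB_NAME(s.authenticating_database_id) AS authenticating_db
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1;
GO
```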
  • 49. Agenda
    • Security Overview
    • Authentication
    • Authorization
  • 50. Authorization
    • Principals: user or process allowed to access securable objects
    • Securables: protected resource
    • Permissions: type of access
  • 51–52. Principals
    • Windows-level principals
      • Windows Domain Login
      • Windows Group
      • Windows Local Login
    • SQL Server-level principals
      • SQL Server Login
      • SQL Server Login mapped to a certificate
      • SQL Server Login mapped to a Windows login
      • SQL Server Login mapped to an asymmetric key
    • Database-level principals
      • Application Role
      • Database Role
      • Database User
      • Database User mapped to a certificate
      • Database User mapped to a Windows login
      • Database User mapped to an asymmetric key
      • Public Role
  • 53. Principals
    • Scope of a principal determines scope of permission
    • Principal can be a login, user, or role
    • Roles are analogous to Windows groups
      • Users in a role inherit the role’s permissions
      • Simplify security management
    • Types of roles
      • Fixed server roles
      • User-defined server roles
      • Fixed database roles
      • User-defined database roles
  • 54. Fixed Server Roles
    • Cannot be altered, and new ones cannot be created; the only change allowed is adding logins to a role
    • Server roles
      • System administrator
      • Bulk insert administrator
      • Database creator
      • Disk administrator
      • Process administrator
      • Server administrator
      • Setup administrator
      • Security administrator
  • 55. User-Defined Server Roles
    • Long-awaited security feature
    • User-defined database roles have long existed
    • But nothing at the server level
    • Previously, the only way to grant some permissions was through a fixed server role
    • SQL Server 2012 solves these problems
  • 56. Fixed Database Roles
    • Control authorization within a database
    • Configure each database individually
    • Database roles
      • db_accessadmin
      • db_backupoperator
      • db_datareader
      • db_datawriter
      • db_ddladmin
      • db_denydatareader
      • db_denydatawriter
      • db_owner
      • db_securityadmin
  • 57. The Public Role
    • Every database user is assigned to this role
    • Be very careful about granting permissions
    • Normally restrict permissions for this role
  • 58. The dbo (Database Owner) Role
    • Mapped to the sysadmin fixed server role
    • Not related to the db_owner role
  • 59. User-Defined Database Roles
    • Standard role
    • Application role
  • 60. Securable Objects
    • Protected resource that you can control access to
    • Physical object or action
  • 61–64. Securable Objects (hierarchy built up over slides 61–64; complete tree from slide 64)
    • Server
      • Database
      • Endpoint
      • Remote Binding
      • Route
      • Server Role
      • SQL Server Login
    • Database
      • Application Role
      • Assembly
      • Asymmetric Key
      • Certificate
      • Database user
      • Fixed Database Role
      • Full-Text Catalog
      • Message Type
      • Schema
      • Service
      • Service Contract
      • Symmetric Key
    • Schema
      • Default
      • Function
      • Procedure
      • Query Stats
      • Queue
      • Rule
      • Synonym
      • Table
      • Trigger
      • Type
      • View
      • XML Schema Collection
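As an added example that is not from the deck, the script below ties the three pieces of the authorization model together: a user-defined server role (SQL Server 2012 or later) and a standard user-defined database role carry only the permissions the principal needs, public is trimmed, and the member's effective permissions on the securables are then checked. The login, database, schema, table and password names are placeholders.

```sql
-- Added example, not from the deck. Placeholder names throughout.

-- Server-level principal: a monitoring service account.
CREATE LOGIN monitor_svc WITH PASSWORD = 'Placeholder-P@ssw0rd-change-me', CHECK_POLICY = ON;

-- Before SQL Server 2012 the shortcut for a server-wide permission was membership
-- in a fixed server role such as sysadmin; a user-defined server role carries
-- only what the job needs.
CREATE SERVER ROLE monitoring;
GRANT VIEW SERVER STATE TO monitoring;
ALTER SERVER ROLE monitoring ADD MEMBER monitor_svc;
GO

-- Database-level principals and securables (placeholder database and schema).
USE SalesDb;
GO
CREATE SCHEMA sales;
GO
CREATE TABLE sales.Customer        (CustomerId int PRIMARY KEY, Name nvarchar(100));
CREATE TABLE sales.CustomerPayment (PaymentId  int PRIMARY KEY, CardNumber char(16));
CREATE USER monitor_svc FOR LOGIN monitor_svc;

-- A standard user-defined database role: grant at schema scope, deny the sensitive
-- table. DENY overrides a GRANT reached through role membership or a parent scope.
CREATE ROLE sales_reporting;
GRANT SELECT ON SCHEMA::sales TO sales_reporting;
DENY  SELECT ON OBJECT::sales.CustomerPayment TO sales_reporting;
ALTER ROLE sales_reporting ADD MEMBER monitor_svc;

-- Every database user is a member of public, so anything granted to public is
-- granted to everyone; make sure nothing in the schema leaks that way.
REVOKE SELECT ON SCHEMA::sales FROM public;
GO

-- Verify effective permissions by impersonating the login (server scope, so the
-- server-level permission is visible too), then return to the caller's context.
EXECUTE AS LOGIN = 'monitor_svc';
SELECT HAS_PERMS_BY_NAME('sales.Customer',        'OBJECT', 'SELECT') AS can_read_customer,
       HAS_PERMS_BY_NAME('sales.CustomerPayment', 'OBJECT', 'SELECT') AS can_read_payment,
       HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE')             AS can_view_server_state;
REVERT;
GO
```

The first and third columns should report the permission as held and the second as not held, which is the point of the DENY on the table.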
  • 65–69. Learn More!
    • This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!
    • Learn more about SQL Server on SlideShare
      • A Tour of SQL Server

Editor's Notes

  21. DEMO – Adding a Windows Login, Windows Logins via Transact-SQL
  22. DEMO – rest of section and SQL Server Logins via Transact-SQL
  25. DEMO – rest of section
  27. DEMO
  80. DEMO – rest of section
  81. DEMO – rest of section
  82. DEMO – rest of section
  85. DEMO – rest of section
  94. DEMO: rest of section
  95. DEMO: rest of section
  96. DEMO: rest of section
  97. DEMO: rest of section