Microsoft's has a whole new attitude towards the security. In their own words: "We will rethink our approach to security. We will examine our code for vulnerabilities. We will release patches as needed. We will turn off most features by default in order to keep the footprint small. If you need something, turn it on. But if you don't need it, leave it off. That way if a vulnerability is discovered in a product you are not using, you won't be affected."
The latest SQL Servers has come up with many additional security features; these features not only make the database more secure, but also more explicable and easier to manage. Database applications can be developed by the programmers, whilst running with the precise privileges required, with the added new features. This feature is called "the principle of least privilege." A programmer is no more required to run as a SA (System Administrator) or DBA (Database Administrator).
MICROSOFT SECURITY ESSENTIALS LATEST VERSION
Some of the main new features that have been added in the latest version of the server, are as follows:
Security for.NET
A combination of different SQL Server permissions,.NET code security and Windows permissions are required to administer and execute the.NET code. 3 distinct levels are used to decide as to what a code cannot or can do outside and inside of SQL Server.
The Password policies for the users of SQL Server
If running the SQL Server on a Win 2003 Server, then the users are allowed to go by the similar policies as for integrated security users.
To Map a SQL Server user to Windows credentials
The users of SQL Server are allowed to use Windows credentials when they access any of the external resources such as network shares and files.
Separating schemas and users
Schemas in a SQL Server refer to the 1st class objects that can be owned by a user, group, application roles or a role. The fact that the definition of synonyms is allowed, make this very easier to administer.
Permissions grant
It is no longer required for logins or users to be in some specific roles to get certain permissions; all of them are grantable with REVOKE, GRANT and DENY verbs.
Fresh security on the Server's metadata
One is not allowed to directly update the new metadata views, and only if a user has permissions to certain metadata about specific objects, that he can list them.
Support of encryption keys and certificates
The latest security features allows the server to manage encryption keys and certificates, for use with Web Services SSL, with Service Broker, for new data encryption, and with code authentication.
Above are but some of the many new security features the SQL comes with. But It would help you in giving some idea about how the Microsoft has tried to work hard in fixing any security loopholes in the old versions of the SQL Server, and how they have made it much more secure than the earlier versions of this server.
SQL Server Security Updates
More information: SQL server security
MICROSOFT SECURITY ESSENTIALS LATEST VERSION
No comments:
Post a Comment