Chat
Topic : What's new in SQL Server 2005 Security? Chat Expert : Vinod [MVP]
March
23, 2005
subhashini
(Moderator):
hello everbody . A very good evening to all of you. :-) subhashini
(Moderator):
Welcome to today's chat on Whats new in SQL Server 2005 subhashini
(Moderator):
We have Vinod M Kumar(MVP) with us today. subhashini
(Moderator):
I am sure most of already know him subhashini
(Moderator):
Just to give a quick brief about him subhashini
(Moderator):
Vinod Kumar did his Bachelors of Engineering in Mechanical from Anna
University, Chennai. After graduation, he joined SCT Software Solutions
(then Exeter Systems) where he worked for about 4 years. He has worked
for a team called Technology Labs which evaluates various Microsoft
technologies and products and their relevance in this line of business.
He is presently with Intel Technologies, Bangalore. He has been working
on Microsoft Technologies all along his professional career and is
very inclined towards learning every new concept that Microsoft comes
out with. In this process, he has gathered tons of knowledge to share
with all. subhashini (Moderator):
Catch all the resources and articles Vinod has written at www.ExtremeExperts.com
<http://www.ExtremeExperts.com>,
the site he co-hosts. He has been very passionate about SQL Server
programming and loves to experiment different programming tricks in
SQL Server. subhashini
(Moderator):
Vinod is an active volunteer in INETA and PASS. He has initiated a
SQL Server community in Bangalore. To capture more events on SQL Server,
join the group at <http://groups.msn.com/SQLBang>
which was formed as an initiative to bring PASS community in India. subhashini
(Moderator):
Now before we start a few chat rules subhashini
(Moderator):
Please refrain from sending any private messages to the expert during
the chat subhashini (Moderator):
Chat Procedures:
This chat will last for one hour. During this hour, our Experts will
respond to as many questions as they can. Please understand that there
may be some questions we cannot respond to due to lack of information
or because the information is not yet public. We encourage you to
submit questions for our Experts. We ask that you stay on topic for
subhashini (Moderator):
the duration of the chat. This helps the Guests and Experts follow
the conversation more easily. We invite you to ask off topic questions
after this chat is over. subhashini (Moderator):
So let's get the chat rolling and lets welcome Vinod subhashini
(Moderator):
Hi Vinod Vinod[MVP] (Expert):
Hi All ... Vinod[MVP] (Expert):
Welcome to the chat on Security in SQL Server 2005. Vinod[MVP]
(Expert):
Disclaimer: Just a word of caution that we are talking on technology
that is still in the Beta stages. Hence there *might* be implemetation
changes before the RTM. Vinod[MVP] (Expert):
So, in this chat we will walk through some of the security enhancements
that have been introduced in SQL Server 2005. Even thought the chat
will give you a glimpse of what is in store in SQL Server 2005. We
will also try to demystify some of the jargons that fly around when
you hear SQL Server 2005. Vinod[MVP]
(Expert):
This chat will try to re-inforce the SD3C initiative that Microsoft
took seriously. Namely the secure by design, secure by default, and
secure in deployment and communication. Vinod[MVP]
(Expert):
The fundamental way to reduce security issues are:
1. Restricting user access to the server - strong authorization model
2. Disabling services and restricting service configuration - Enable
what you need specifically. Secure by default logic.
3. Reducing the surface area of attack for new features - reduce DOS
attacks Vinod[MVP] (Expert):
Let me next try to list you some of the security enhancements that
have gone behind SQL Server 2005.
1. User-Schema Separation
2. Granular permission control
3. Enforce Password policies
4. Execution Context in modules
5. Data encryption inside database
6. Proxy account concepts
7. Profiler Enhancement
and more ... Vinod[MVP] (Expert):
Before we jump start. In the past, database security was usually described
in terms of servers, databases, objects, and users. With the release
of SQL Server 2005 these terms have been modified and consolidated
into two distinct terms: principles and securables. Vinod[MVP]
(Expert):
Principals: include individuals, groups, and processes that can request
SQL Server resources. Like other components of the SQL Server authorization
model, principals can be arranged in a hierarchy with the scope of
influence of a principal depending upon the scope of its definition
(Windows, Server, Database) and whether it is indivisible or a collection.
An example of an indivisible principal is a Windows Login. Vinod[MVP]
(Expert):
Securables: are the resources to which the SQL Server authorization
system regulates access. It may be easier to remember that securables
are SQL Server objects but these objects can be contained in different
levels.
Securable scopes are server, database and schema. SQL Server login,
Assemblies, DDL Events, Table, View, Function, Procedure etc. Vinod[MVP] (Expert):
Finally,
Grantor: is the principal that grants the permission
Grantee: is the principal to whom the permission is granted Vinod[MVP]
(Expert):
That was the basics ... Now lets get into a sepcific security enahancement
in SQL Server 2005 Vinod[MVP] (Expert):
-- Separation of users and schema -- Vinod[MVP]
(Expert):
The big change in the security model in SQL Server 2005 simplifies
the relationship between users and objects and lets you add and drop
users without needing to worry about objects the users own. For ANSI
compliance, SQL Server 2005 distinguishes between users and schemas. Vinod[MVP] (Expert):
Schema as a collection of database objects that one user owns and
that form one namespace. You can think of a schema as a container
of objects. Every new database you create in SQL Server 2005 includes
several schemas. Corresponding to the dbo, INFORMATION_SCHEMA, and
guest "users" in SQL Server 2000, each SQL Server 2005 database
has schemas with these names. Vinod[MVP]
(Expert):
You can assign new users a default schema that might not exist when
you create the user. A user's default schema is used for name resolution
during object creation or object reference. Hence in SQL Server 2005,
the name resolution for a table <table1> will happen in order
of: Look for sys.table1, then Look for <UserName>.table1 and
finally Look for dbo.table1. Vinod[MVP]
(Expert):
Hence you can see that the name resolution of UserName.ObjectName
will now translate to SchemaName.ObjectName. We still hold all the
backward compatibility and hence when we migrate objects from SQL
Server 2000 a default schema as the username is created automatically.
And the concept of objects created by sysadmins reside under the dbo
schema still holds good in SQL Server 2005. Vinod[MVP]
(Expert):
So that was the first enhancement "User-Schema Separation".
Hope that is clear Vinod[MVP] (Expert):
Questions on this people? subhashini
(Moderator):
hi all, request you guys to use the button "submit a question"
for any queries Vinod[MVP] (Expert): Q: What is most facinating things we can see in this version? A: As I said earlier wrt security there are loads of enhancements
introduced. Vinod[MVP] (Expert): Q: pgthyagu: Question .......Is the Guest Uesr and the Public
Role still supported ? Is the Guest User also a schema that the user
needs to be given permission into ? pgthyagu: or is every user given
access to the Guest Schema by default ? A: Yes, the Guest
and Pulic roles are still available. That is because we need to support
them for backward compatibility Vinod[MVP]
(Expert): Q: pgthyagu: Question .......Is the
Guest Uesr and the Public Role still supported ? Is the Guest User
also a schema that the user needs to be given permission into ? pgthyagu:
or is every user given access to the Guest Schema by default ? A: Moreover, The concept is such that when you migrate from
SQL Server 2000. The concept of schema is not present. Hence we will
create a Schema of the same name of Username. hence dbo.object no
longer is owner.objectname but is schema.objectname Vinod[MVP]
(Expert): Q: or is every user given access to
the Guest Schema by default ? A: No. Around the security
principle. Unless you are granted acess to you will not have access
to the Guest Schema. Vinod[MVP] (Expert): Q: What is the scope of guest User in 2005 A: Schema
as said is a objects container. So what do you mean by scope. We willnot
access any of the objects from the guest schema unless the user has
access to them. Vinod[MVP] (Expert): Q: The schema sounds like borrowed from Oracle, but Oracle
concentrates more to some thing like failover (high availability)
and securing data with minimum loss due to user errors what's new
in this phase? that's what's the security perspective when A:
The concept is from the SQL-99 standards that define that objects
are contained and that container is owned by users. There is nothing
specific that SQL Server 2005 tries to project for this enhancement.
Think if a user quits the company what happens is that association
need to be replaced from user1.Object to user2.object. To eliminate
such problems the concept of schema was introduced. Vinod[MVP]
(Expert): Q: plz tell abt xml support A:
This is a seciruty chat. What specific in XML are you looking at?
Check this chat on XML features at: http://www.microsoft.com/india/msdn/chat/transcripts/151.aspx Vinod[MVP] (Expert): Q:
Is there any enhancement for Active Directory Users compare to sql
server2000 A: From a user perspective. I see "Enforced
password policy for standard logins" is a great enhancement to
SQL Server 2005. But these increase the capability of SQL Server logins.
Not windows users logins. I will talk on them next Vinod[MVP]
(Expert):
Ok to illustrate the next enhancement. Vinod[MVP]
(Expert):
--- Enforced password policy for standard logins --- Vinod[MVP]
(Expert):
Administrators will be able to specify Microsoft Windows-style policies
on standard logins so that a consistent policy is applied across all
accounts in the domain. This has increased the scope and standardizing
policies for SQL Logins too. Vinod[MVP]
(Expert):
Regardless of authentication mode and policy enforcement, SQL Server
2005 Setup Wizard does not permit non-blank passwords for sa account
during the installation. Another Secure by default implementation. Vinod[MVP] (Expert):
You can use CHECK_EXPIRATION and CHECK_POLICY clauses when creating
new logins with the CREATE LOGIN T-SQL statement. CHECK_EXPIRATION
controls password expiration, while CHECK_POLICY determines both the
state of password complexity and account lockout settings. Including
the MUST_CHANGE clause forces the user to change the password when
logging in for the first time. Vinod[MVP]
(Expert):
A typical implementation:
CREATE LOGIN ChatUser
WITH
PASSWORD = 'Dem0$tr0NGPa$$word' MUST_CHANGE,
CHECK_EXPIRATION = ON, CHECK_POLICY = ON Vinod[MVP]
(Expert):
So that is how we have security implemented for SQL Server logins
too. That is a key enhancement Vinod[MVP]
(Expert):
Note: This will be possible ONLY if the SQL Server 2005 is running
on Windows 2003 Server class machines. This is not available for Windows
2000 Server machines Vinod[MVP] (Expert):
Questions on this feature? Vinod[MVP]
(Expert): Q: can u brief on the security features
of SQl server 2005 compared to 2000 A: I will be outlining
one after the another moving forward. We are at the second feature.
More interesting features to come by Vinod[MVP]
(Expert): Q: How System tables relates to the
Information_Schema ? A: INFORMATION_SCHEMA is a standard
way to defined by ANSI. This all databases have to confirm to. Hence
you can see all the metadata (data about the data) is stored in standard
views developed. These are information Schemas.
In SQL Server 2005 we have DMV and DMF. Dynamic Management View's
and functions that extend the capability that Information schema's
were not capturing Vinod[MVP] (Expert): Q: Did you stated at installation you have blank password for
sa A: I stated, in SQL Server 2005, you cannot have a blank
password. And if you install on Windows 2003 server machines and if
your policies have strong passwords then you need to comply to that
constraint too :) Vinod[MVP] (Expert): Q: can we upgrade sql 2005 on sql 2000? A: The short
answer is Yes.
Microsoft has yet to release a upgrade tool. But there are efforts
going behind the scene's to get one. Dont be surprised if you find
one before the RTM.
Moreover, from a personal experience. I've seen that most of the databases
on SQL Server 2000 can be backed up and the backup file can be restored
on SQL Server 2005 without any problems. It works like a gem. Vinod[MVP] (Expert): Q:
The DMVs . brings me to the topic of Row Level Security .. can this
be impleted on user tables? A: Row Level Security can be
implemeted on user tables too. It is very much possible.
You will not find much on the internet about this. But there is a
CREATE EXPRESSION DDL that can be used and we can create expressions
that allows specific data available for Users. Once users have GRANT's
to that expression, they get a chance to view those data.
And to correct on your statement. Its not the DMV's alone that implement
row level security. But the whole database implements the same. Create
a readonly user and fire a select * from sysobjects in SQL Server
2000 and in SQL Ser er 2005. Find the difference for yourself. Vinod[MVP] (Expert):
Ok Let me move to the next enhancement Vinod[MVP]
(Expert):
-- Execution context on modules -- Vinod[MVP]
(Expert):
SQL Server 2005 will allow you to specify a context under which statements
in a module execute. This feature also acts as an excellent mechanism
for granular permission management. Vinod[MVP]
(Expert):
To fully understand the benefits of this feature, let's first take
a look how the execution context of programmable modules (such as
stored procedures or functions) on dependent objects was handled in
SQL Server 2000. The ability to launch such modules is still determined
by their permissions. Vinod[MVP] (Expert):
If calls required access to another object (a stored procedure that
reads or modifies a table), then an evaluation of the permissions
necessary to accomplish this would depend on whether both the module
and the object have the same owner or if explicit permissions have
been given to the user. This mechanism is called ownership chaining
and still applies in SQL Server 2005. Vinod[MVP]
(Expert):
SQL Server 2005 provides the ability to alter the execution context
with the EXECUTE AS clause available as part of the definition of
stored procedures, functions, queues, and triggers. Execution context
information is maintained in the sys.sql_modules catalog view. Vinod[MVP] (Expert):
The following values to be used as part of the EXECUTE AS clause:
1. EXECUTE AS CALLER - the module executes in the security context
of its caller
2. EXECUTE AS USER='user_name' - assigns the security context of a
specific database user for the duration of the module execution
3. EXECUTE AS SELF - designates the user who creates (or modifies)
the module definition as the one whose security context will be used
to execute it
4. EXECUTE AS OWNER - designates the owner of the module Vinod[MVP]
(Expert):
So that was Execution Context for you. But there are more advantages
to this. Lets take a scenario. Vinod[MVP]
(Expert):
If in SQL Server 2000 I need to give TRUNCATE operation alone to a
specific user on a particular table. Vinod[MVP]
(Expert):
I cannot do that actually in SQL Server. I need to give the alter
grant and will open doors to extra priviledges to the user. hence
u can write a SP that truncates data from that table Vinod[MVP]
(Expert):
And run that under a user account that has access. And grant execute
alone to the user. Vinod[MVP] (Expert):
Hence the user cannot directly delete data. But can execute the SP
that truncates data for him. Vinod[MVP]
(Expert):
Questions on this feature? Vinod[MVP]
(Expert): Q: How do we differentiate between
a schema and a User A: Schema - Container of objects. Includes
SP's, function, views, tables etc.
User - Owns Schema's. Has access to multiple schema's hence has access
to other objects residing in different schema's.
Hope that makes it clear. Vinod[MVP]
(Expert): Q: What features of sql 2k are not
supported in sql 2k5 - means feature have no backward compatibility
in context ofSECURiTY? A: AFAIK, all features available
on SQL Server 2000 are applicable for SQL Server 2005 too. There are
enhancements available to the existing infrastructure. Vinod[MVP]
(Expert): Q: Question on PASSWord POLICY ...
Can the logins in sql 2000 be transferred to SQL 2k5 ... If so if
the passwords dont confrom to the Password Policy , is the login not
transfered ? A: These will flawlessly migrate to start
off. But will be running under the SQL Server 2000 security model.
And Enforsing password policy is a switch. Even in SQL Server 2005
you can have login's that dont use that. It an additional feature.
Once you enable it for a login. It has to comply. Vinod[MVP]
(Expert): Q: Question on PASSWord POLICY ...
will be great if u can answer ... Can the logins in sql 2000 be transferred
to SQL 2k5 ... If so if the passwords dont confrom to the Password
Policy , is the login not transfered ? A: Answered on that.
Logins will be transfered. Vinod[MVP]
(Expert): Q: Hence the user cannot directly
delete data. But can execute the SP that truncates data for him. =
why so? any major benfit? A: By giving alter permission
the user get more priviledges than he needs. hence you might want
to grant him access to just a SP that internally delete's using a
security context of a different user.
The idea is user cannot have direct access to perform operations on
the table. This might be for security reasons why you are restricting. Vinod[MVP] (Expert): Q:
CAN YOU TELL ME VINOD, A SINGLE POINT WHERE SQL SRVR2K5 SCORES OVER
ORACLE 9i? A: This debate can go on. But I see there are
tons and tons of new features in SQL Server 2005 that are interesting
and not available on Oracle. Just browse through the transcript later
and see if Oracle implements these features. I would not like to dwell
more on DB comparision in this chat. Vinod[MVP]
(Expert): Q: Is any of these features(security)
depends .NET A: Ok let me explain the CLR security aspect
too. Vinod[MVP] (Expert): Q: I gone through some where about CLR stored procedure security,
could u explain what that means? A: Here we go on - CLR
Security - Vinod[MVP] (Expert):
With the support for managed code inside the SQL Server database,
Microsoft has developed special security settings to protect the CLR’s
important new objects, assemblies. Because assemblies are stored in
the database, they also get backed up and restored with the database.
Each assembly is associated with [one of three] permission sets, which
you need to specify with the CREATE ASSEMBLY DDL statement. Vinod[MVP]
(Expert):
1. SAFE is the default permission set, but it’s highly restrictive.
With the SAFE setting, you can access only data from a local database
to perform computational logic on that data. Vinod[MVP]
(Expert):
2. EXTERNAL_ACCESS is the next step in the permissions hierarchy.
This setting lets you access external resources such as the file system,
Windows Event Viewer, and Web services. This type of resource access
isn’t possible in SQL Server 2000 and earlier. Vinod[MVP]
(Expert):
3. The UNSAFE permission set assumes full trust of the assembly and
thus imposes no "Code Access Security" limitations. This
setting is comparable to the way extended stored procedures function—you
assume all the code is safe. However, this setting does restrict the
creation of unsafe assemblies to users who have sysadmin permissions.
Vinod[MVP] (Expert):
Even though the Safe and the External_Access are fine for most of
the requirements, I do see a niche requirement in which you might
have a reason to call unmanaged code from CLR assemblies; in such
a case, you’d have to use the UNSAFE permission set. Vinod[MVP]
(Expert):
So that is about the CLR integration and its security features. Vinod[MVP] (Expert):
We plan to have a separate chat on CLR capabilities later sometime.
But that very much summarizes what you will find. Vinod[MVP]
(Expert):
Check this article at: http://www.extremeexperts.com/SQL/Yukon/ManagedExecution.aspx.
Can be used as a starter. Vinod[MVP]
(Expert): Q: I am developing a 3 tier application,
out of which the SQL Server and the component installed on the same
machine. I also need to develope so many sps. Now my qn is, passing
the arguments as a single xml string, will affect the performance
or not ? A: Personally, I dont support that model. Passing
XML data always have extra tag's for each data. Moreover, you will
parse this at the SQL Server end. Iam a supporter of passing them
as normal parameters only. Yes, there will be some performance degradations.
Remember, to close your XML pointers once you use them. They are memory
intensive Vinod[MVP] (Expert): Q: any enhancements in datatype length? A: Enhancements
from a T-SQL fronts. We have XML datatype. And we have Varchar(max),
Varbinary(max) that allow you to store 2GB of data. Vinod[MVP]
(Expert): Q: what is the maximum length of nvarchar
in sql2k5, we have 4KB in sql2k A: Nothing has changed,
except that now we have NVarchar(Max) that can again store 2GB data. Vinod[MVP] (Expert): Q:
is there date and datetime field separate in sql2k5 ? i face lots
of probs by this field containing date and time both .. A:
No. We dont presently have in SQL Server 2005 out-of-the-box. Having
said that we have User-Defined Types that can be implemented using
CLR languages wherein you can create new datatypes that you can use. Vinod[MVP] (Expert): Q:
what is enhancement in recovery from crashed discs ? A:
Can you be more specific to what you are looking here. How is this
related to Security (context of today's chat). Vinod[MVP]
(Expert): Q: What are the Security Features
does SQL Server Express Edition has? A: All the features
discussed are common for SQL Server 2005 in general. All the flavor
of SQL Server 2005 exercise the same model Vinod[MVP]
(Expert):
So lets move to the next feature. -- Data encryption within the database
--- Vinod[MVP] (Expert):
SQL Server 2005 will support encryption capabilities within the database
itself, fully integrated with a key management infrastructure. Lets
take a closer look into this topic from the basics: Vinod[MVP]
(Expert):
In general, encryption is a mechanism for protecting data, which applies
to it a specially designed algorithm, effectively obfuscating its
content by making it different from the original. Use of the algorithm
involves a component known as the encryption key (a sequence of characters).
The process can be reversed by applying an appropriate decryption
key and equivalent algorithm, yielding the original data. Vinod[MVP]
(Expert):
Encryption can be symmetric or asymmetric, depending on whether the
key used to protect the data is identical to the one used to recover
it. The need to use the same key in both operations makes the first
type inherently less secure. But the good news is SQL Server 2005
supports both the methods. Vinod[MVP]
(Expert):
Asymmetric encryption is based on algorithms that are more complex
and its impact on performance is more significant. Hence not recommended
for large amount of data as it would consume more CPU cycles. The
keys forming the pair used in asymmetric algorithms are known as public
and private keys. What are the problems here? Vinod[MVP]
(Expert):
The first question is "how can a recipients of a public key can
be certain that what they have received truly represents the identity
of the holder of the corresponding private key?". The solution
comes in the form of digital certificates. A certificate is a digitally
signed piece of software that associates a public key with the identity
of the private key owner, assuring its authenticity. Vinod[MVP]
(Expert):
Having made our foundation on this concept, we can see how SQL Server
2005 implements the same. Starting with SQL Server 2005, all necessary
encryption components are available natively. Vinod[MVP]
(Expert):
Creation, storage, and other certificate and key management tasks
can be handled internally, without resorting to features of the operating
system or third party products. Encryption and decryption is provided
by pairs of functions complementing each other - EncryptByCert() and
DecryptByCert(), EncryptByAsymKey() and DecryptByAsymKey(), EncryptByKey()
and DecryptByKey(), as well as EncryptByPassphrase() and DecryptByPassphrase(). Vinod[MVP] (Expert):
In order to generate a new certificate, use the CREATE CERTIFICATE
DDL T-SQL statement. A typical T-SQL looks like:
CREATE CERTIFICATE ChatEncryptionCertificateWITH
SUBJECT = 'Demo Certificate',
EXPIRY_DATE = '01/01/2010' Vinod[MVP]
(Expert):
And we will encrypt it as:
Select EncryptByCert (Cert_ID('ChatEncryptionCertificate'), 'Sample
data for demo') Vinod[MVP] (Expert):
This will yield a encrypted value that can be Decrypted as:
Select DecryptByCert (Cert_ID('ChatEncryptionCertificate'), @EncryptedData) Vinod[MVP] (Expert):
This was a typical use of Encryption logic using Asymmetric keys.
But there is again a whole host of commands to generate symmetric
keys where we can specify the encryption algorithms (your choices
include DES, TRIPLE_DES, RC2, RC4, DESX, AES_128, AES_192, AES_256,
although their availability might depend on the underlying operating
system). Vinod[MVP] (Expert):
So that were the encryption logics available in SQL Server 2005. Its
interesting and a lot can be done. Remember the whole process of encryption
and decryption can consume CPU cycles. Hence can be under the performance
radar. Vinod[MVP] (Expert):
Questions on this interesting feature? Vinod[MVP]
(Expert):
Then, Let me take another tool where some enhancements have gone. Vinod[MVP] (Expert):
-- The Profiler -- Vinod[MVP] (Expert):
One of the long awaited improvements in this area is delegating the
ability to run SQL Profiler without granting membership in the SysAdmin
fixed server role. Vinod[MVP] (Expert):
SQL Profiler auditing now covers not only SQL Server 2005 activities
but also events generated by SQL Server 2005 Analysis Services, DTS
packages and more. Vinod[MVP] (Expert):
Now we have a TRACE grant that can be given to users and we are all
set to run profiler Vinod[MVP] (Expert): Q: Is this Encryption and Decryption same as .net Encryption
Decryption? A: What is specific that you want to compare?
This gets into database and not as a .NET API. Hence effective .. Vinod[MVP] (Expert): Q:
How to get the sql server error object into the client program(.net) A: You might be interested in the try-catch enhancement in
SQL Server. http://www.sswug.org/see/20064
gives a pointer. subhashini
(Moderator):
we have almost come to the end of the chat . Vinod[MVP]
(Expert): Q: Encryption Alogirithm A:
Your choices include DES, TRIPLE_DES, RC2, RC4, DESX, AES_128, AES_192,
AES_256 subhashini (Moderator):
i request all of you to post your queries by emailing Vinod at vinod@extremeexperts.com Vinod[MVP] (Expert):
Any more questions people? Vinod[MVP]
(Expert):
So before I sign off, here are some cool links to bookmark: Vinod[MVP]
(Expert):
Security in SQL Server 2005: http://www.microsoft.com/sql/2005/productinfo/securityfeatures_1.asp http://www.microsoft.com/sql/2005/productinfo/securityfeatures_2.asp Vinod[MVP] (Expert):
SQL Server Mag- Inside SQL Server 2005 Security: http://www.windowsitpro.com/Windows/Articles/ArticleID/42031/pg/1/1.html Vinod[MVP] (Expert):
MSDN Webcast: The New Security Model in SQL Server 2005: http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032263279&EventCategory=5&culture=en-us&CountryCode=US Vinod[MVP] (Expert):
Code/Module Signing in SQL Server 2005: http://blog.database-security.info/2005/01/codemodule-signing-in-sql-server-2005.html Vinod[MVP] (Expert):
Apart from these. You can always find us at the Usergroup activities
at http://groups.msn.com/SQLBang
(Bangalore's SQL Server Usergroup). I write my articles on www.ExtremeExperts.com. subhashini
(Moderator):
great. thanks Vinod subhashini (Moderator):
Thank you guys for attending this chat, hope teh session was informative
and useful subhashini (Moderator):
feel free to pool in your feedback at commind@microsoft.com subhashini
(Moderator):
Thanks Vinod for a greta chat:-) Vinod[MVP]
(Expert):
Had fun and found some interesting questions too. Hope you enjoyed
the chat !!! subhashini (Moderator):
Thanks Vinod for a great chat:-) subhashini
(Moderator):
hope you have a great evening :-) Vinod[MVP]
(Expert):
Bye all.
