Safely and Easily Use High-Level Permissions Without Granting Them to Anyone: Database-level

Come see how easy it truly is to "grant" high-level permissions in the safest, most granular, most controllable way.

SQLCLR vs. SQL Server 2012 & 2014 & 2016, Part 7: “CLR strict security” – The Problem Continues … in the Past (Wait, What?!?)

Using SQLCLR on SQL Server 2012, 2014, or 2016? Jealous of the "fun" those on SQL 2017 are having with "CLR strict security"? Come see how you can join the party 😼

Safely and Easily Use High-Level Permissions Without Granting Them to Anyone: Server-level

Come see how easy it truly is to "grant" high-level permissions in the safest, most granular, most controllable way.

PLEASE, Please, please Stop Using Impersonation, TRUSTWORTHY, and Cross-DB Ownership Chaining

Module Signing was introduced in SQL Server 2005, and yet people are still using Impersonation and TRUSTWORTHY. This needs to stop.

SQLCLR vs. SQL Server 2017, Part 6: “Trusted Assemblies” – Whitelisted Assemblies can’t do Module Signing

"Trusted Assemblies", a new feature starting in SQL Server 2017, is a means of whitelisting Assemblies that one feels pose no threat, and can be created (and used) without needing to be a) signed and b) have a corresponding signature-based Login that has been granted the UNSAFE ASSEMBLY permission. In Part 4 of this series… Continue reading SQLCLR vs. SQL Server 2017, Part 6: “Trusted Assemblies” – Whitelisted Assemblies can’t do Module Signing

SQLCLR vs. SQL Server 2017, Part 2: “CLR strict security” – Solution 1

As mentioned in Part 1 of this "SQLCLR vs. SQL Server 2017" series, the new clr strict security server-level configuration option requires that in order to create any Assembly, even a SAFE one, it must be signed (by a Certificate or Strong Name Key), and there must already exist a corresponding Login, based on the… Continue reading SQLCLR vs. SQL Server 2017, Part 2: “CLR strict security” – Solution 1