Feature Restrictions in SQL Server 2019 are Worse Than Useless: a False Sense of Security And Wasted Opportunity

A misguided attempt to improve security that not only increases the chances of SQL Injection, but also prevents useful changes from being made.

Can a Certificate's Private Key be Imported / Restored From a Binary Literal / Hex Bytes?

Can a Certificate's Private Key be Restored From a Binary Literal / Hex Bytes? The Documentation Says, "No". What Does SQL Server Say?

SQLCLR vs SQL Server 2017, Part 9: Does PERMISSION_SET Still Matter, or is Everything Now UNSAFE?

For SQLCLR in SQL Server 2017 and newer, when "CLR strict security" is enabled, does PERMISSION_SET matter, or are assemblies always UNSAFE?

SQLCLR vs SQL Server 2017, Part 8: Is SQLCLR Deprecated in Favor of Python or R (sp_execute_external_script)?

(last updated: 2019-01-10 @ 18:00 EST / 2019-01-10 @ 23:00 UTC) With the additional (and annoying) configuration step required to get SQLCLR Assemblies to load starting in SQL Server 2017, some people have been wondering what is going on with SQLCLR. Considering that this new restriction is the only real change to SQLCLR since…

Safely and Easily Use High-Level Permissions Without Granting Them to Anyone: Database-level

Come see how easy it truly is to "grant" high-level permissions in the safest, most granular, most controllable way.

SQLCLR vs. SQL Server 2012 & 2014 & 2016, Part 7: “CLR strict security” – The Problem Continues … in the Past (Wait, What?!?)

Using SQLCLR on SQL Server 2012, 2014, or 2016? Jealous of the "fun" those on SQL 2017 are having with "CLR strict security"? Come see how you can join the party 😼

Safely and Easily Use High-Level Permissions Without Granting Them to Anyone: Server-level

Come see how easy it truly is to "grant" high-level permissions in the safest, most granular, most controllable way.

Server Audit Mystery 2: Filtering action_id gets Error Msg 25713

Server Audits allow filtering on certain fields. Two fields claim to be strings, yet don't accept strings for filters. Here's how I figured out filtering on action_id (i.e. the event) :-)

Server Audit Mystery 1: Filtering class_type gets Error Msg 25713

Server Audits allow filtering on certain fields. Two fields claim to be strings, yet don't accept strings for filters. Here's how I figured out filtering on class_type (i.e. object type) :-)

PLEASE, Please, please Stop Using Impersonation, TRUSTWORTHY, and Cross-DB Ownership Chaining

Module Signing was introduced in SQL Server 2005, and yet people are still using Impersonation, TRUSTWORTHY, and Cross-DB Ownership Chaining. This needs to stop.