Addresses SQL Server vulnerabilities and provides security solutions. Covers installation, administration, and programming--plus security issues such as authentication, encryption, intrusion detection, and more. Written for IT professionals administering or programming any SQL Server-based application--includes coverage of SQL Server 7, SQL Server 2000, and SQL Server (Yukon). |
Average Customer Review:
 ( 4 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
7 of 7 found the following review helpful:
Chip Andrews and crew deliver a title worthy of its lineageOct 12, 2003
By Richard Bejtlich
"TaoSecurity"
"SQL Server Security" (SSS) is a great security book, free of the bloat the affects both operating systems and many technical volumes. Weighing in at 322 pages, it's packed with the detail needed to securely deploy Microsoft SQL servers. Although many people contributed to the text, it doesn't suffer from internal redundancy. I highly recommend anyone operating SQL servers devour this book.In the "Acknowledgements," lead author Chip Andrews writes "I wanted this book to give security and database professionals the same readability, reference ability, and red-eyed wonder that 'Hacking Exposed' gave me a few years back." My favorite aspect of the HE line was the material's ability to explain attack and defense concepts while illuminating the internal operation of victimized systems. SSS follows this lead by devoting entire chapters to SQL Server components, like Network-Libraries (ch. 4) and Authentication and Authorization (ch. 5). My favorite sections appear in chapter 7, where the authors describe novel ways to leverage SQL Server's "C-2 auditing" features for purposes of intrusion detection.
SSS dispenses an immense amount of useful advice, whether it's a whole chapter on secure installation (ch. 3), best practices found in most chapters, or the appendices on stored procedures and integration with other Microsoft technologies. The only downside I found appears in chapter 2, where SQL samurai David Litchfield uses language outside the realm of most readers' understanding. For example, "the import address entry for GetProcAddress() in sqlsort.dll shifts by 12. With no SQL Server service pack, the address of the entry is at 0x42AE1010, and on SP1 and SP2, it is at 0x42AE101C" (p. 29). The uninitiated should skim this chapter and trust the authors when they claim SQL Server can be attacked by multiple means.
SSS is a must-buy if you operate SQL Server. It's the manual Microsoft forgot to ship.
3 of 3 found the following review helpful:
Excellent coverageDec 28, 2003
Having read about half of this book, I can say that each chapter has not disappointed me. As a mid-level DBA, this book has helped bring things together in my mind that seemed like a loose collection before. I would highly recommend this book to anyone wanting to beef up their knowledge of security with SQL Server. The authors have done an excellent job. It's easy to read and chapters are reasonably short and concise with just the right amount of illustrations.
2 of 3 found the following review helpful:
Clearly addresses SQL Server vulnerabilitiesJan 12, 2004
By Midwest Book Review
SQL Server Security by David Lichtfield clearly addresses SQL Server vulnerabilities and provides security solutions, as well as covering installation, administration, and programming, plus security issues such as authentication, encryption, intrusion detection, and more. Written for IT professionals administering or programming any SQL Server-based application, SQL Server Security includes coverage of SQL Server 7, SQL Server 2000, and SQL Server (Yukon).
4 of 8 found the following review helpful:
 u use SQL? u better read this!Oct 31, 2003
By Eric Kent
If you do anything with SQL and need top secure it, please read this book. Securing SQL is not rocket science, but it is easy to do wrong. This book shows how to do it right.
|
based on 4 reviews
