We have just enabled encryped connections on a SQL server by following the
steps on Books Online "How to: Enable Encrypted Connections to the Database
Engine (SQL Server Configuration Manager) ". We install a certificate on the
server, configured the server to accept encrypted ...

Hello--
Over the weekend our IIS server that we host our website on started serving
up Trojans to everyone that visited our website. We traced it back to the
below (see link). http://s3cwatch.wordpress.com/2008/06/22/wwwj8j8heicnkjs/ 

I'm looking at the server role securityadmin in SQL Server 2005.
In Books Online it says like this.
"Members of the securityadmin fixed server role can grant both server-level
and database-level permissions."

Hi, I have microsoft sql server 2000 on windows server 2003 for small
business.
It's linked to a web server which register more than 5000 unique
visitors every hours.

I have an old master database, I can restore it with another name but
it can't replace the real master.
Is there any way I can se the info about server roles from this
database? I want to se which "role members" there is for different

I just created 3 sensitive data tables within my database. I have a Group
that conatins multiple people and only 5 of those can have access to these
tables new tables.  The rest of the people in the group need Read access to
all of the other tables within this database. These 5 ...

How can I can allow my users to only see the DBs their user ID has been
mapped to when they open up SSMS? When they open up SSMS today, they can see
all the DBs; I want to restrict their view to only the DBs that their ID is
mapped to.

I need to restrict my users to accessing the application to using Cognos
only.  Anyway I can get that done?

Any recommendations or applications to filter\block sql injections
through post requests? Looking for an application that will reside on
the host itself; not an appliance. Any suggestions or recommendations
on third party productions welcome. Thanks.

We are in the process of redesigning our DMZ layout. We have several
different websites that will reside in DMZ 1 which are the front-end web
applications. About 3-4 of these web applications (which are different from
each other) will have a backend database connection to an SQL ...

With all the different regulations and the environments we support and the
need for devs to access production,etc.. whats the best way to manage
security in an organization ? What does SOX have to say ? Does it and should
it not have devs access production..

We have a user who needs to do the following:
1) Truncate table
2) Create temp table
3) All table owners and stored procedure owners need to be dbo

I am new to SQL and have a newbie question
Using OSQL how would I create a user that can access the DB with read and
write capabilities. I dont want the user to have SA capabilities but be able
to read and write to the DB.

I have a newbie question.  I just installed SQL Server 2005 (Express
edition) and created a new user "Sherwood" (with an appropriate password).  
When I attempt to connect using SQL Server Authentication, however, I receive
the following error:

Is there a way to allow a .net application write access to sql server but to
deny a direct user login e.g. via management studio.
The background is that the users must not be able to manipulate the data
directly but only within the application. Integrated security should be used