
SQL Server.  logins/users  roles  certificate  asymmetric key 



Presentation on theme: "SQL Server.  logins/users  roles  certificate  asymmetric key "— Presentation transcript:

1 SQL Server

2

3  logins/users  roles  certificate  asymmetric key 

4  Standard SQL Server login  Windows login  Windows group  Certificate  Asymmetric Key

5  CREATE LOGIN loginName { WITH <option_list1> | FROM <sources> }  <option_list1> ::= PASSWORD = { 'password' | hashed_password HASHED } [ MUST_CHANGE ] [, <option_list2> [,... ] ]

6  <option_list2> ::= SID = sid | DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language | CHECK_EXPIRATION = { ON | OFF} | CHECK_POLICY = { ON | OFF} | CREDENTIAL = credential_name  <sources> ::= WINDOWS [ WITH <windows_options> [,... ] ] | CERTIFICATE certname | ASYMMETRIC KEY asym_key_name  <windows_options> ::= DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language

7  bulkadmin  dbcreator  diskadmin  processadmin  securityadmin  serveradmin  setupadmin  sysadmin

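-- Slide 8: create a SQL Server (standard) login that is held to the Windows
-- password policy of the host.
-- The password literal on the slide is blank; the original placeholder appears
-- to have been lost in extraction. Substitute a strong password before running:
-- with CHECK_POLICY = ON a password that fails the policy is rejected.
CREATE LOGIN TestLogin
    WITH PASSWORD = '<EnterStrongPasswordHere>',  -- placeholder, not a real value
    CHECK_POLICY = ON,       -- apply the Windows password policy to this login
    CHECK_EXPIRATION = ON;   -- apply password expiration; only valid with CHECK_POLICY = ON
GO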

9  CREATE USER user_name [ { { FOR | FROM } { LOGIN login_name | CERTIFICATE cert_name | ASYMMETRIC KEY asym_key_name } | WITHOUT LOGIN } ] [ WITH DEFAULT_SCHEMA = schema_name ]

10  db_accessadmin  db_backupoperator  db_datareader / db_datawriter  db_ddladmin  db_denydatareader / db_denydatawriter  db_owner  db_securityadmin  public

11  { EXEC | EXECUTE } AS <context_specification>  <context_specification> ::= { LOGIN | USER } = 'name' [ WITH NO REVERT ] | CALLER

12  SELECT  INSERT  UPDATE  DELETE  EXECUTE  REFERENCES  CONTROL  ALTER  VIEW DEFINITION  TAKE OWNERSHIP

-- Slide 13: let members of SubmitOrdersRole run the order-submission procedure.
-- Only EXECUTE on this one procedure is granted; no table permissions are given here.
GRANT EXECUTE
    ON OBJECT::Customers.asp_submitorder
    TO SubmitOrdersRole;

-- Slide 14: exercise the EXECUTE grant while impersonating TestUser.

-- Show which database user the session is running as before the switch.
SELECT USER_NAME();
GO

-- Switch the session's execution context to TestUser.
EXECUTE AS USER = 'TestUser';
GO

-- Confirm that the context switch took effect.
SELECT USER_NAME();
GO

-- Submit an order through the stored procedure.
EXECUTE Customers.asp_submitorder 1, '1-2RB1-4RO', 5;
GO

-- Read the order tables directly under the impersonated context.
-- NOTE(review): presumably TestUser holds only EXECUTE (via SubmitOrdersRole), so
-- these reads are expected to be refused; confirm against the role's grants.
SELECT
    OrderID,
    CustomerID,
    OrderDate,
    SubTotal,
    TaxAmount,
    ShippingAmount,
    GrandTotal,
    FinalShipDate
FROM Orders.OrderHeader;

SELECT
    OrderDetailID,
    OrderID,
    SKU,
    Quantity,
    UnitPrice,
    ShipDate
FROM Orders.OrderDetail;
GO

-- Drop the impersonated context and return to the original one.
REVERT;

-- Slide 15: database-wide read access with metadata visibility withheld.

-- SELECT at database scope covers every selectable object in SQL2008SBS.
-- NOTE(review): at this scope the grantee is a database principal, so TestLogin
-- here is presumably a database user of that name; confirm it exists.
GRANT SELECT
    ON DATABASE::SQL2008SBS
    TO TestLogin;
GO

-- A DENY takes precedence over a GRANT, so object definitions stay hidden
-- from this principal even though the data is readable.
DENY VIEW DEFINITION
    ON DATABASE::SQL2008SBS
    TO TestLogin;
GO

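-- Slide 16: check what the principal can see after SELECT was granted and
-- VIEW DEFINITION was denied at database scope.
-- Fix: the slide closed the user name with a typographic quote, which leaves
-- the string literal unterminated; a straight quote is used here.
EXECUTE AS USER = 'TestLogin';
GO

-- Catalog query: with VIEW DEFINITION denied, metadata rows for user objects
-- are filtered out of catalog views for this principal.
SELECT
    name,
    object_id,
    type_desc
FROM sys.objects;
GO

-- Data query: still permitted through the database-scope SELECT grant.
SELECT
    OrderID,
    CustomerID,
    OrderDate,
    SubTotal,
    TaxAmount,
    ShippingAmount,
    GrandTotal,
    FinalShipDate
FROM Orders.OrderHeader;
GO

-- Return to the original execution context.
REVERT;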

17  SAFE  EXTERNAL_ACCESS  UNSAFE

18  1-Sided – Hashes: MD2, MD4, MD5, SHA, SHA1  2-Sided: Symmetric Keys (Best Performance), Asymmetric Keys (Strong), Certificates

19  Service Master Key  Database Master Key  CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password'

20  OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password'  BACKUP MASTER KEY TO FILE = 'path_to_file' ENCRYPTION BY PASSWORD = 'password'  RESTORE MASTER KEY FROM FILE = 'path_to_file' DECRYPTION BY PASSWORD = 'pwd' ENCRYPTION BY PASSWORD = 'pwd'  CLOSE MASTER KEY

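-- Slide 21: hash the same input with two of the HASHBYTES algorithms.
-- Fix: the slide closed both string literals with a typographic quote, which
-- leaves them unterminated; straight quotes are used here. The second,
-- identical assignment of @HashValue was redundant and is dropped.
--
-- MD5 and SHA1 are shown because they are what the slide demonstrates. Neither
-- is collision-resistant any more, so they should not be used for new
-- security-sensitive hashing; HASHBYTES accepts 'SHA2_256' and 'SHA2_512'
-- from SQL Server 2012 onward.
DECLARE @HashValue varchar(100);

SET @HashValue = 'SQL Server';

-- The hash is computed over the bytes of the value, so the same text held in
-- an nvarchar variable would produce a different digest.
SELECT HASHBYTES('MD5', @HashValue);

SELECT HASHBYTES('SHA1', @HashValue);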

22  Hashing is case-sensitive: inputs that differ only in letter case produce different hashes  MD2, MD4 and SHA are also available  Remember to salt hashes

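-- Slide 23: create a password-protected symmetric key and a demo table, then
-- open the key for use in this session.
--
-- Changes from the slide:
--   * Typographic quotes around the password are replaced with straight quotes;
--     as written the statements do not parse.
--   * RC4 is replaced with AES_256. RC4 is deprecated in SQL Server, and the
--     engine adds no salt for it, so reusing one RC4 key across values gives
--     very weak encryption.
--   * The literal password is replaced with a labelled placeholder; use the
--     same strong value in both statements.
CREATE SYMMETRIC KEY MySymmetricKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = '<EnterStrongPasswordHere>';
GO

-- Confirm the key exists and which algorithm it uses.
SELECT
    name,
    algorithm_desc,
    key_length,
    create_date
FROM sys.symmetric_keys;
GO

-- AES ciphertext carries an IV and block padding, so it is longer than the
-- RC4 output the slide sized for; the column is widened to leave room for a
-- full 30-character PlainText value.
CREATE TABLE SymmetricKeyDemo (
    ID            int IDENTITY(1,1),
    PlainText     varchar(30)    NOT NULL,
    EncryptedText varbinary(128) NOT NULL
);
GO

-- The key must be open in the session before EncryptByKey / DecryptByKey can use it.
OPEN SYMMETRIC KEY MySymmetricKey
    DECRYPTION BY PASSWORD = '<EnterStrongPasswordHere>';
GO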

-- Slide 24: round-trip a value through the symmetric key.
-- MySymmetricKey has to be open in this session; DecryptByKey returns NULL
-- when the key that encrypted the value is not open.

-- The demo keeps the plaintext beside the ciphertext so the two can be
-- compared; a real table would store only the encrypted column.
INSERT INTO SymmetricKeyDemo (PlainText, EncryptedText)
VALUES (
    'SQL Server',
    EncryptByKey(Key_GUID('MySymmetricKey'), 'SQL Server')
);
GO

-- DecryptByKey returns varbinary, so the result is converted back to text.
SELECT
    ID,
    PlainText,
    EncryptedText,
    CONVERT(varchar(30), DecryptByKey(EncryptedText))
FROM SymmetricKeyDemo;
GO

-- Close the key as soon as it is no longer needed.
CLOSE SYMMETRIC KEY MySymmetricKey;

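-- Slide 25: create a self-signed certificate owned by dbo.
-- Fix: the slide closed the subject with a typographic quote, which leaves the
-- string literal unterminated; a straight quote is used here.
-- No ENCRYPTION BY PASSWORD clause is given, so the private key is protected
-- by the database master key, which must already exist in this database.
CREATE CERTIFICATE MyCert
    AUTHORIZATION dbo
    WITH SUBJECT = 'Test certificate';
GO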

26  CREATE CERTIFICATE certificate_name [ AUTHORIZATION user_name ] { FROM <existing_keys> | <generate_new_keys> }  <existing_keys> ::= ASSEMBLY assembly_name | { [ EXECUTABLE ] FILE = 'path_to_file' [ WITH PRIVATE KEY ( <private_key_options> ) ] }

27  <generate_new_keys> ::= [ ENCRYPTION BY PASSWORD = 'password'] WITH SUBJECT = 'certificate_subject_name' [, <date_options> [,...n ] ]  <private_key_options> ::= FILE = 'path_to_private_key' [, DECRYPTION BY PASSWORD = 'password' ] [, ENCRYPTION BY PASSWORD = 'password' ]  <date_options> ::= START_DATE = 'mm/dd/yyyy' | EXPIRY_DATE = 'mm/dd/yyyy'

-- Slides 28-29: round-trip a value through a certificate.

-- Demo table: the plaintext is kept beside the ciphertext so the two can be compared.
CREATE TABLE CertificateDemo (
    ID            int IDENTITY(1,1),
    PlainText     varchar(30)    NOT NULL,
    EncryptedText varbinary(500) NOT NULL
);
GO

-- No ENCRYPTION BY PASSWORD clause: the private key is protected by the
-- database master key.
-- NOTE(review): this fails if a certificate named MyCert already exists in
-- the database; confirm the script starts from a clean state.
CREATE CERTIFICATE MyCert
    AUTHORIZATION dbo
    WITH SUBJECT = 'Test certificate';
GO

-- Confirm the certificate was created.
SELECT * FROM sys.certificates;
GO

-- Encrypt with the certificate's public key.
INSERT INTO CertificateDemo (PlainText, EncryptedText)
VALUES (
    'SQL Server',
    EncryptByCert(Cert_ID('MyCert'), 'SQL Server')
);
GO

-- Decrypt with the certificate's private key; the varbinary result is cast
-- back to text.
SELECT
    ID,
    PlainText,
    EncryptedText,
    CAST(DecryptByCert(Cert_Id('MyCert'), EncryptedText) AS varchar(max))
FROM CertificateDemo;

