Download presentation
Presentation is loading. Please wait.
1
Securing SQL Server Processes with Certificates
Robert L Davis Database Engineer @SQLSoldier Securing SQL Server Processes with Certificates
2
Robert L Davis @SQLSoldier PASS Security Virtual Chapter
Microsoft Certified Master Data Platform MVP @SQLSoldier Database Engineer BlueMountain Capital Management 17+ years working with SQL Server PASS Security Virtual Chapter Volunteers needed Database Engineer at BlueMountain Capital Management Foremer Principal Database Architect at DB Best Technologies Former Principal DBA at Outerwall, Inc Former Sr. Product Consultant with Idera Software Former Program Manager for SQL Server Certified Master program in Microsoft Learning Former Sr. Production DBA / Operations Engineer at Microsoft (CSS) Microsoft Certified Master: SQL Server 2008 / MCSM Charter: Data Platform Co-founder of the SQL PASS Security Virtual Chapter MCITP: Database Developer: SQL Server 2005 and 2008 MCITP: Database Administrator: SQL Server 2005 and 2008 MCSE: Data Platform MVP 2014 Co-author of Pro SQL Server 2008 Mirroring Former Idera ACE (Advisors & Community Educators) 2 time host of T-SQL Tuesday Guest Professor at SQL University, summer 2010, spring/summer 2011 Speaker at SQL PASS Summit 2010, 2011, and 2012 including a pre-con in 2012 Speaker/Pre-con at SQLRally 2012 17+ years working with SQL Server Writer for SQL Server Pro (formerly SQL Server Magazine) Member: Mensa Dog picture: Maggie and Woody SQLCruise instructor: Seattle to Alaska 2012 Speaker at SQL Server Intelligence Conference in Seattle 2012 Blog: Twitter:
3
Securing SQL Server Processes with Certificates
Managing Certificates
4
Securing SQL Server Processes with Certificates
Managing Certificates Creating Logins and Users Mapped to Certificates
5
Securing SQL Server Processes with Certificates
Managing Certificates Creating Logins and Users Mapped to Certificates Signing Procedures
6
Securing SQL Server Processes with Certificates
Managing Certificates Creating Logins and Users Mapped to Certificates Signing Procedures Signing Procedures for SQL Server Processes
7
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates
8
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE
9
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates
10
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates BACKUP CERTIFICATE
11
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates BACKUP CERTIFICATE Restoring certificates
12
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates BACKUP CERTIFICATE Restoring certificates
13
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates BACKUP CERTIFICATE Restoring certificates CREATE CERTIFICATE … FROM FILE
14
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates BACKUP CERTIFICATE Restoring certificates CREATE CERTIFICATE … FROM FILE Store securely
15
Securing SQL Server Processes with Certificates
Managing Certificates Creating certificates CREATE CERTIFICATE Backing up certificates BACKUP CERTIFICATE Restoring certificates CREATE CERTIFICATE … FROM FILE Store securely Demo
16
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates Creating logins
17
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates Creating logins CREATE LOGIN … FROM CERTIFICATE
18
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates Creating logins CREATE LOGIN … FROM CERTIFICATE Creating users
19
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates Creating logins CREATE LOGIN … FROM CERTIFICATE Creating users CREATE USER … FOR/FROM CERTIFICATE
20
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates Creating logins CREATE LOGIN … FROM CERTIFICATE Creating users CREATE USER … FOR/FROM CERTIFICATE Demo
21
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user
22
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
23
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options Cross-database ownership chaining
24
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options Cross-database ownership chaining Trustworthy
25
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options Cross-database ownership chaining Trustworthy Signing the procedures
26
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options Cross-database ownership chaining Trustworthy Signing the procedures ADD SIGNATURE TO … BY CERTIFICATE … WITH PASSWORD
27
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options Cross-database ownership chaining Trustworthy Signing the procedures ADD SIGNATURE TO … BY CERTIFICATE … WITH PASSWORD Executes as certificate which is mapped to a user and/or login
28
Securing SQL Server Processes with Certificates
Signing Stored Procedures Grant permissions for a stored procedure without granting to user Allows you to avoid common issues where you may otherwise be pressured to enable risky database options Cross-database ownership chaining Trustworthy Signing the procedures ADD SIGNATURE TO … BY CERTIFICATE … WITH PASSWORD Executes as certificate which is mapped to a user and/or login Demo
29
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes Relies on everything we’ve learned so far
30
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes Relies on everything we’ve learned so far Can be used to execute signed procedure via Service Broker
31
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes Relies on everything we’ve learned so far Can be used to execute signed procedure via Service Broker Can be used to grant rights to CLR assemblies
32
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes Relies on everything we’ve learned so far Can be used to execute signed procedure via Service Broker Can be used to grant rights to CLR assemblies More work but more secure
33
Performance Tuning 101: Parallelism
Q & A
34
Thank you for attending!
Thanks! Thank you for attending! My blog: Twitter: twitter.com/SQLSoldier
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.