WHAT'S IN THIS CHAPTER?

• Understanding SQL Server authentication types
• Understanding Windows authentication types
• Authorizing object-level security
• Maintaining row-level security

WROX.COM CODE DOWNLOADS FOR THIS CHAPTER

The wrox.com code downloads for this chapter are found at www.wrox.com/go/prosql2014admin on the Download Code tab. The code is in the Chapter 8 download and individually named according to the names throughout the chapter.

Security of a Microsoft SQL Server instance is probably one of the least sexy topics out there today. And, unfortunately, that will probably remain the case for many years to come, if not forever. However, proper security for the database instance is extremely important because without it, there is no way to guarantee that the data stored within the SQL Server instance is the data expected to be there.

Changes that an attacker could make to the data within an instance of SQL Server could be as small as simply changing names or changing the prices for products, to injecting JavaScript or HTML that is served to customers or employees via their web browser, which then executes unexpected code on their machine. These changes could be minor; however, more than likely, they could install some sort of dangerous application on the user's computer such as a Trojan horse or key logger.

So, in reality, anything can happen, and it is best to be prepared for all scenarios. Your corporate databases are key strategic ...