Computing Reviews
SQL Server security distilled
Lewis M., APress, LP, Berkeley, CA, 2003. 352 pp. Type: Book (9781590592199)
Date Reviewed: Jun 11 2004

This book describes how to secure Structured Query Language (SQL) Server applications in a networked Microsoft Windows environment. It covers three different versions of SQL Server (versions 6.5, 7.0, and 2000), and discusses these in the contexts of Windows NT or Windows 2000, using clients that are running Windows 9x, Windows NT, Windows 2000, and, to some extent, Windows XP. As the reader might understand, these are complex environments, so the book is not easy reading.

The author does a fairly good job of subdividing the book, so most readers will not need to read the entire text. There are specific chapters dedicated to unique situations, based on the version of SQL Server you are using.

Given that most applications will not be running on a single machine, the network is a key part of the system, and must be as secure as the database and the machines it runs on. The author describes, in considerable detail, certain activities (specifically login) that pass through the network, and the potential security data that can be easily seen by others as a result. Lewis is very polite; at no point does he come out and say “and these exposures are so great that, in reality, there’s no point in any further security efforts,” but he does tell the reader what risks the user is exposed to, in very clear terms. (I did form some editorial opinions here; if I were writing the book, the text might just have said “don’t bother trying to secure” some of the configurations mentioned.)

There is an entire chapter on designing security for applications. Unfortunately, most application designers will not read a book that talks about server security, and would rather build all the security into the application (ignoring the fact that, if the database is not otherwise secured, direct SQL calls outside the application will do considerable damage to the application’s efforts). There is a need for a book that talks about application security (for SQL Server applications) from the designer’s point of view, and then introduces the SQL Server capabilities after the fact, rather than at first. That doesn’t diminish the value of this book, but suggests that, with some editorial rearrangement, a wider audience might find the book to be of value.
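The point the reviewer makes about direct SQL calls bypassing application-level controls is easiest to see in the database itself. The following T-SQL is an added illustration written for this page, not code from the book or from the reviewer. It assumes a table named dbo.Orders, a procedure dbo.PlaceOrder, a database role app_order_entry and a database user OrderEntryApp, all invented here. The mechanism it relies on, SQL Server ownership chaining (permissions on a table are not re-checked when it is reached through a procedure with the same owner), is real and applies to SQL Server 2000 and later.

```sql
-- Added example: make the database enforce the same rule the application
-- enforces, so that a direct connection with the application's credentials
-- gains nothing. Object and principal names below are assumed.

-- 1. The table that the application should only ever touch via a procedure.
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY PRIMARY KEY,
    CustomerId INT   NOT NULL,
    Amount     MONEY NOT NULL
);
GO

-- 2. The single write path. The validation lives here, in the database,
--    rather than only in the client application.
CREATE PROCEDURE dbo.PlaceOrder
    @CustomerId INT,
    @Amount     MONEY
AS
BEGIN
    IF @Amount <= 0 OR @Amount > 10000
    BEGIN
        RAISERROR('Amount out of range', 16, 1);
        RETURN 1;
    END
    INSERT INTO dbo.Orders (CustomerId, Amount) VALUES (@CustomerId, @Amount);
    RETURN 0;
END
GO

-- 3. A role for the application's database user. It may run the procedure,
--    but every direct statement against the table is explicitly denied.
--    DENY overrides any GRANT the user might inherit elsewhere, so
--    "INSERT INTO dbo.Orders ..." typed into a query tool with the
--    application's login is refused, while EXEC dbo.PlaceOrder succeeds
--    because dbo owns both objects (ownership chaining).
EXEC sp_addrole 'app_order_entry';
GO
GRANT EXECUTE ON dbo.PlaceOrder TO app_order_entry;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_order_entry;
GO

-- 4. Attach the application's database user (assumed name) to the role.
EXEC sp_addrolemember 'app_order_entry', 'OrderEntryApp';
GO
```

With this in place, an attacker who obtains the application's connection string is limited to what dbo.PlaceOrder permits, which is the outcome the reviewer argues application designers should be aiming for before they add controls inside the application.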

Although it is difficult to read, this book is a very valuable reference tool, and its contents are important to Windows server managers and database administrators working with SQL Server.

Reviewer: Charles W. Bash
Review #: CR129746 (0412-1442)
Classification:
Security, Integrity, And Protection (H.2.7 ...)
Access Methods (H.2.2 ...)
Logging And Recovery (H.2.7 ...)
SQL (H.2.3 ...)
Database Administration (H.2.7)
Languages (H.2.3)
