Musings on Database Security

Slavik’s Blog

Archive for May, 2008

Thursday, May 29th, 2008

Secret Hedgehog project

Just wanted to share with you a secret Hedgehog project I’ve been working on for almost two years. You can see a picture below.

1 Comment » - Posted in Personal by Slavik

---

Monday, May 26th, 2008

So, you think you’ve removed that sensitive data

I had an interesting conversation with Alexander Kornbrust yesterday about cloning databases. Most DBAs I know copy database files from production to create staging, integration and test environments. Those environments contain a lot of sensitive information (PII, CC, etc.) which is usually either deleted, scrambled or truncated. The problem with these solutions is that most [...]

3 Comments » - Posted in DBA, Oracle, insider threat, security, technical tips by Slavik

---

Monday, May 26th, 2008

Weird MS SQL Server bug

A somewhat technical post on MS SQL Server encrypted triggers.
It turns out that MS SQL Server 2005 has an issue with encrypted triggers in the model database. We’ve created an encrypted database level trigger on DDL operations in all databases including the model database so that when a new database is created the trigger will [...]

1 Comment » - Posted in DBA, MS SQL Server, technical tips by Slavik

---

• Tags

  bind_variables breach breach-notification compliance conference database-monitoring database-security database_security DBA educational_institutions hedgehog hipaa insider threat insider_threat intrusion monitoring MS SQL Server off-topic Oracle oracle_database_security oracle_security patching PCI Personal personally_identifiable_information pii presentation privacy regulatory-compliance sarbanes-oxley sb1386 security segregation_of_duties social_security_numbers SQL injection sql_injection technical technical tips TJX ukoug universities user identity visa vulnerability webcast

• Categories

  • breach
  • compliance
  • credit cards
  • DBA
  • encryption
  • insider threat
  • Java
  • monitoring
  • MS SQL Server
  • Oracle
  • OUG
  • patching
  • PCI
  • Personal
  • privacy
  • sb1386
  • security
  • SQL injection
  • technical tips
  • TJX
  • Uncategorized
  • universities
  • user identity

• Blogroll

  • Educational Security Incidents (ESI)
  • Julian Dyke
  • Oracle Chemist
  • Pete Finnigan’s Oracle security weblog
  • Peter Swire
  • Phat4Oracle
  • Security Incite
  • Securosis
  • Sentrigo
  • Tanel Poder

• Meta

  • Register
  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

•  

  May 2008

  M	T	W	T	F	S	S
  « Apr				Jun »
  			1	2	3	4
  5	6	7	8	9	10	11
  12	13	14	15	16	17	18
  19	20	21	22	23	24	25
  26	27	28	29	30	31

Musings on Database Security is powered by WordPress 2.5.1 and delivered to you in 1.110 seconds using 19 queries.
Theme: Connections Reloaded v1.5 by Ajay D'Souza. Derived from Connections.