Keeping track of the changes made to your database objects is a key part of any SQL database security strategy or compliance policy including, among others, the Health Insurance Portability and Accountability Act, Sarbanes-Oxley, Payment Card Industry Data Security Standard or the European Union Data Protection Directive. However, even if your IT environment doesn’t have to comply to stringent security rules, being able to identify what database object has been changed, who has changed it as well as the exact time of the change, is invaluable in troubleshooting any schema related problems down the road, such as broken dependencies. So, how does one audit SQL Server schema changes?
April 4, 2013How to recover objects that are missing as a result of a SQL injection attack
All of a sudden, you realize that something’s wrong with your database objects. Some stored procedures are missing, functions are there but they don’t work as expected since their code seems to be altered, and some triggers are created and fired which enhances the chaos you’re in.
After the initial shock, you start investigating. Don’t rule out a SQL injection attack, as it’s one of the most common web application security issues.
How to recover data that is missing or damaged as a result of a SQL injection attack
What is a SQL injection?
A SQL injection attack is an attack in which a code that attacks the database is inserted into a web site. It’s one of the most common types of web application security vulnerabilities. So it’s better to be prepared, or at least well informed
SQL injections can have an immediate (first-order attacks) and delayed effect (second-order attacks)
Checklist for suspicious activity on SQL Server
It seems something went awry with the SQL Server. It’s sluggish, behaves erratically, produces heavy network traffic, there is a significant increase in the server processor or memory utilization, and to top it all there are reports of or database objects and data being damaged or missing.
Where to start looking?
How to recover SQL Server data from accidental UPDATE and DELETE operations
The SQL DBA’s worst nightmare is the loss of data due to their own mistake. It’s not uncommon for someone to improperly execute or even forget a WHERE clause entirely when executing DELETE or UPDATE queries, resulting in potentially millions of rows of compromised data
So, which SQL Server data recovery options are available?
April 4, 2013How to recover SQL Server data from accidental updates without backups
Ooops! Say you’ve performed an UPDATE statement without a WHERE condition against the database and overwritten a bunch of rows with bad data. How can you bring the right values back?
April 4, 2013