Category Archives: Code Review

For Privacy Open the Source & Close the Back Door

There is no surprise in the many recent corporate self-admissions that they too have given our private information. After all, they got us to release our privacy to their care with barely a flick and a click. As a direct consequence – and without … Continue reading

Posted in Code Review, Privacy, Secure Data

It’s [Still!] the SQL Injection… Stupid

Did you see Imperva’s October 2012 Hacker Intelligence Report? The report is a data mining study directed toward the on-line forum behaviors among a purportedly representative group of hackers. The milestone for October 2012 is that Imperva now has a … Continue reading

Posted in Code Review, Data Loading, Secure Data, Testing

T-SQL Cryptographic Patterns – part 6: a hole in the bucket

Continuing with a description of the patterns introduced previously as the dog food stored procedure; and after the proc has completed a run-time inquisition to verify the authenticity and authority of the application’s actions in the booking phase the session and … Continue reading

Posted in Code Review, Encryption Hierarchies, Secure Data

Throw FORMATMESSAGE() in the SQL Server 2012 Tool Bag

SQL Server 2012 chucks THROW into the TRY-CATCH block error handling brewery. THROW is part of the TRY-CATCH contraption. THROW has an ability to reliably relay an exception down the T-SQL call stack. However, the inability of a THROWn message to … Continue reading

Posted in Code Review

Encrypting XML Typed Data in SQL Server

Two issues: W3C XML Encryption is broken by most accounts. SQL Server encryption functions cannot digest XML (pun intended). A double whammy! The first issue is a bigger deal. If you are encrypting sensitive data with a web service – … Continue reading

Posted in Code Review, Encryption Hierarchies, Secure Data

Considering Cryptography in SQL Server Database Architectures

It is useful to have a ‘big picture’ understanding of the possible layers of encryption available for data-at-rest in a data-centric application. A visual that conveys those layers is challenging due to the number of dimensions that must be considered. … Continue reading

Posted in Code Review, Encryption Hierarchies, Secure Data

Encryption Hierarchy Administration – a T-SQL Template

This is a SQL Server template to standardize and track backup and restore of SQL Server 2005/2008 Encryption Hierarchy (EH) Master Keys and Certificates. Unlike most templates, this one creates a complete utility with several interdependent database objects – including … Continue reading

Posted in Code Review, Encryption Hierarchies, Secure Data | 1 Comment