SQL Server – Security: Schemas, Ownership Chaining and the dreaded TRUSTWORTHY flag – Part 1


Warning: this post involves me standing on a soapbox: it’s going to be a bit of a rant/preach about why everyone should care about security!  Starting with….


When I talk to my developer colleagues, very few of them realise that database schemas are actually a security feature of SQL Server.  They also don’t appreciate that security in a database needs to be designed, it doesn’t just happen.  If it’s considered from an early point in the design of the database and application, then it will be much easier to implement and cause them less headaches in the long run when they ask me for some elevated permission or other and I say “no, because….” and start explaining about ownership chaining and a whole bunch of other security related stuff that makes them roll their eyes at me…. ahem, I digress.
Continue reading


SQL Server – Desiging for security – Prelude

Amongst many IT professionals, security is seen as many things: painful, a dark art, an unnecessary hindrance.


I believe this is because it is only considered at the end of a development process, rather than at the beginning. This means that certain choices that would make implementing a well rounded security platform could potentially be missed, such as the choice of database schemas being used.

Continue reading