Category: Security

No More TLS 1.1 in Microsoft Fabric

Nisha Sridhar makes an announcement:

We have officially ended the support for TLS 1.1 and earlier on the Fabric platform. As previously announced, starting July 31, 2025, all outbound connections from Fabric to customer data sources must use TLS 1.2 or later.

This update follows our earlier announcement in the TLS Deprecation for Fabric blog, where we outlined the rationale and timeline for this transition.

Read on to see what you might need to do to keep up to date.

The CU+GDR Path in SQL Server’s Service Model

Jon Russell clarifies the situation:

SQL Server administrators often encounter Microsoft updates labeled as “CU + GDR”, and understandably, this can cause confusion — especially when trying to stay on a consistent CU-based servicing path. This post clarifies what “CU + GDR” really means and why it’s not something to worry about.

Read on for an overview of the different security models, as well as the odd duck in SQL Server 2016.

Oracle Password-Related Profile Settings

David Fitzjarrell takes a look at some settings:

Passwords expire, and, depending upon how various profiles are configured, accounts are either locked or provided a grace period during which the old password can be changed. In any recent enterprise, password verification functions are provided to police new passwords to ensure a modicum of security. Let’s dig into what Oracle provides to assist in password security.

Basic elements of password security that Oracle provides start with the profile; listed below are the associated resources:

Read on for the available options you can set on a per-profile basis.

Building a Snowflake Dashboard that Uses Filters

Kevin Wilkie does a bit of filtering:

Snowflake Dashboards can do a lot more than just show pretty numbers. Today, let’s focus on something that every data pro eventually has to deal with—filters that make navigating your dashboards less painful, especially when it comes to everyone’s favorite task: AUDITING.

Ah yes, auditing—because nothing says “data dream job” like tracing permissions. Whether it’s quarterly compliance checks or a sudden request from an overly curious auditor, somebody, at some point, will ask, “Who has access to what in Snowflake?” So let’s make that answer easy to deliver.

Click through for the process, using the development of a permissions auditing dashboard as the example.

Ownership Chaining in SQL Server

Jon Russell breaks the chain:

Designing a reporting layer that protects sensitive data takes more than hiding tables behind a view. You must understand how schema permissions and ownership chaining interact, or a well‑meant deny can suddenly block your users—or worse, let them see columns you thought were private. The walk‑through below shows the entire life‑cycle of a common scenario:

  1. Build an HR table that holds confidential columns.
  2. Expose a summary view in a separate schema.
  3. Grant a reporting role access to the view but explicitly deny access to the HR schema.
  4. Break the ownership chain, observe the failure, diagnose the cause, and repair it by realigning ownership.

Read on to learn more. Note that this is all within a single database, so we aren’t talking about the cross-database ownership chaining setting. That setting being on immediately raises red flags for me.

Installing SQL Server CUs via dbatools

David Seis updates an instance or thirty:

Keeping your SQL Server instance up to date with the latest service packs and cumulative updates is one of the key components of SQL Server security. In this blog post, we will audit the dbatools command Update-DbaInstance, which can save you hours every month and help keep your environment more secure.

I will test, review, and evaluate the script based on a series of identical steps. Our goal is to provide insights, warnings, and recommendations to help you use this script effectively and safely. Update-DbaInstance is a powerful tool to automate the update of one or many SQL Server instances without needing to log in.

Click through for David’s thoughts on the cmdlet.

Fixing Slow Row-Level Security Policies in PostgreSQL

Dian Fay troubleshoots some row-level security slowness:

At my day job, we use row-level security extensively. Several different roles interact with Postgres through the same GraphQL API; each role has its own grants and policies on tables; whether a role can see record X in table Y can depend on its access to record A in table B, so these policies aren’t merely a function of the contents of the candidate row itself. There’s more complexity than that, even, but no need to get into it.

Read on for a dive into row-level security and several tips to make the operation faster.

The Limits of Transparent Data Encryption

Steve Stedman breaks down some myths around Transparent Data Encryption in SQL Server:

Transparent Data Encryption (TDE) in SQL Server is a powerful feature designed to protect data at rest by encrypting database files. While TDE is an excellent tool for securing data stored on disk, it’s often misunderstood, leading to assumptions about its capabilities. In this blog post, we’ll clarify what TDE does not do to help you better understand its scope and limitations, ensuring you implement the right security measures for your SQL Server environment.

Click through for the list.

Not Patching: the False Sense of Security

Mike Walsh explains why it’s important to keep up to date on patches:

At first, I was a bit shocked, but then I realized it actually makes sense and it matches a regret I hear far too often from folks who call us too late: “If we don’t change too much, we’re safe.”

Sadly, nothing can be further from the truth. When a software vendor releases a fix for a vulnerability, it certainly could be caused by a recent patch or update – but more often than not that fix is for a longstanding issue that has been until recently unknown to the world.

Read on for Mike’s argument. This also applies to people running versions of SQL Server no longer receiving patches (hint: 2016 SP3 and earlier). Just because there isn’t a patch doesn’t mean there isn’t a vulnerability.