
Category: Security

Restoring a TDE Database Sans Certificate

Matthew McGiffen helps us recover from a big oopsie:

If you don’t have the backups of the certificate and private key from the old server, as well as the password used to encrypt the private key backup then you could be in a lot of trouble. There is one scenario where you have a way out. I’m going to assume you don’t have the possibility to recover your old server from a complete file system backup – if you do then you can do that and access all the keys you require. If the two following things are true though then you can still recover your database:

Read on to see what those requirements are and how you can, in specific circumstances, recover that database.


Restoring a TDE-Enabled Database

Matthew McGiffen notes how to restore a database with transparent data encryption:

When encrypting a database with Transparent Data Encryption (TDE), a vital consideration is to make sure we are prepared for the scenario where something goes wrong. For instance, if the server hosting our SQL instance goes belly-up, can we recover the data that we have encrypted with TDE?

Click through to learn what you’ll need to have.


What to Use Instead of Get-EventLog

Emin Atac gets a scary message:

When you type the following

Get-EventLog -Source Microsoft-Windows-Kernel-General -Newest 20 -LogName System -InstanceId 1 | Select -ExpandProperty Message

You get

Possible detection of CVE: 2023-01-09T09:08:23.5000000Z
Additional Information: 2023-01-08T19:56:29.1492612Z
This Event is generated when an attempt to exploit a known vulnerability (2023-01-09T09:08:23.5000000Z) is detected.
This Event is raised by a User mode process.

Read on to learn what this error message means, why it pops up, and what you can do to avoid it in the future.


Monitoring TDE in Action

Matthew McGiffen pulls out the magnifying glass with a built-in light:

The encryption of your existing data occurs as a background process referred to as the encryption scan, but it will consume resources while it runs, so if you are implementing TDE against a system with large databases where performance is critical then you will want to either run it in a period of quiet (or down time), or you will want to monitor to check that encryption isn’t impacting your system too much. Experience suggests that it shouldn’t be a problem unless your server is already under strain.

There are a few things to look out for if you are monitoring during the encryption scan:

Click through for a list of items you might want to keep in mind, as well as some important tips about suspending or stopping the encryption process.


Troubleshooting Always Encrypted Certificate Errors

Chad Callihan swears this is the right key:

The benefit of SQL Server Always Encrypted is to encrypt sensitive data in specified columns to prevent it from being seen by unauthorized users. It is a great feature, but there are some steps to consider besides the SQL setup side. What if you are one of the lucky (or unlucky) users who should have access to query that data unencrypted but get blocked by an error? Or, what if you’re setting up Always Encrypted and your application encounters issues decrypting data?

Let’s step through an example of one error you may come across that prevents authorized access.

Read on for the error and its root cause.


Limiting Data Factory Users to Trigger Pipelines

Koen Verbeeck doesn’t want people running amok:

Typically you have a bunch of pipelines that are started by one or more triggers. Sometimes, a pipeline needs to be manually triggered. For example, when the finance department is closing the fiscal year, they probably want to run the ETL pipeline a couple of times on-demand, to make sure their latest changes are reflected in the reports. Since you don’t want them to contact you every time to start a pipeline, it might be an idea to give them permission to start the pipeline themselves.

This can obviously be done by tools such as Azure Logic Apps or a Power App, but in my case the users also wanted to view the progress of the pipeline (did something crash? Why is it taking so long? etc.) and developing a Power App with all those features seemed a bit cumbersome to me. Instead, we gave them permission on ADF itself so they can start the pipelines. There’s one problem though, there’s only one role for ADF in Azure, and it’s the contributor role. A bit too much permission, as anyone with that role can change anything in ADF. You don’t want that.

So what can you do? Click through to find out.


Notes on DBATools’s Get-DecryptedObject

Sean Gallardy explains an issue:

Let me start off by saying that DBATools is a great tool that is immensely helpful to the community, if you haven’t heard about it or tried it, please give it a shot! I personally believe that the SQL Server community is truly the best out there, with so many people helping each other and developing great, free, tools that benefit all. Having said that, I’ve been asked quite a few times to look into a “SQL Server Bug” decrypting data.

This is not an issue with SQL Server nor is it a bug/feature/whatever. It is, in fact, a bug in the source material for DBATools.

Read the whole thing.


PostgreSQL Sans Superuser in v16

Robert Haas doesn’t wear a cape:

As I’ve written about before, a PostgreSQL superuser always has the ability to take over the operating system account in which PostgreSQL is running, but sometimes you’d like to have a role that can administer the database but not break out of it. In existing releases, there’s no good way to accomplish that. You can either make a new role so weak that it can’t perform ordinary administration tasks, or you can make it so strong that it can easily break into the operating system account and thus take over the superuser role as well. Unless you hack the source code, which some people have done, there’s no real way to set up an account that has enough power to usefully administer the database in meaningful ways but yet not enough power to take over everything. I’ve committed a number of patches to v16 to try to improve the situation, and I think that we can look forward to big improvements in this area once it is released.

Read on for some of the implications of this change.


Roles and Privileges in Postgres

Ryan Booz gives us an introduction to Postgres security:

Recall that in PostgreSQL both users and groups are technically roles. These are always created at the cluster level and granted privileges to databases and other objects therein. Depending on your database background it may surprise you that roles aren’t created as a principal inside of each database. For now, just remember that roles (users and groups) are created as a cluster principal that (may) own objects in a database, and owning an object provides additional privileges, something we’ll explore later in the article.

For the purposes of this article, all example user roles will be created with password authentication. Other authentication methods are available, including GSSAPI, SSPI, Kerberos, Certificate, and others. However, setting up these alternative methods is beyond what we need to discuss object ownership and privileges.

Read the whole thing if you’re doing anything with Postgres.
