Security – Page 9 – Curated SQL

Data Masking in Azure Databricks

Published 2025-01-14 by Kevin Feasel

One way to protect sensitive information from end users in a database is through dynamic masking. In this process, the actual data is not altered; however, when the data is exposed or queried, the results are returned with modified values, or the actual values are replaced with special characters or notes indicating that the requested data is hidden for protection purposes.

In this blog, we will discuss a different approach to protecting data, where personally identifiable information (PII – a term you will frequently encounter when reading about data protection and data governance) is actually changed or updated in the database / persistent storage. This ensures that even if someone gains access to the data, nothing will be compromised. This is usually needed for refreshing the production database or dataset containing PII data elements to a lower environment. Your QA team will appreciate having a realistic data volume that resembles production environment but with masked data.

Rayis goes into depth on the process. I could also recommend checking out the article on row filters and column masks for more information.

Comments closed

Connecting a Web App to Azure SQL DB via Entra Managed Identity

Published 2025-01-14 by Kevin Feasel

Joey D’Antoni doesn’t have time to create a password:

Managed identities in Microsoft Entra have simplified authentication in Azure, particularly If all of your resources are in Azure. In this basic example, I’m going to walk you through connecting a Web App (aka App Service) running an API server to an Azure SQL Database. The best part? There are no passwords involved–let’s get started.

Read on for the process. It’s interesting to see how far identity-based security has developed in Azure over the years.

Comments closed

Generating an Example of SQL Injection

Published 2025-01-06 by Kevin Feasel

Vlad Drumea points out that SQL injection is still a thing:

SQL injection, also refereed to as SQLi, is a security vulnerability that allows attackers to modify the queries that an application makes to its underlying database.
This type of vulnerability can allow attackers to interact with data that they are not normally able to access, including data belonging to other application users.

For at least a decade, injection attacks were either number one or number two on OWASP’s top 10 list. It dropped all the way to number 3 in 2021. We’ll see how it looks with the 2025 OWASP top 10 application security vulnerabilities list, but in the meantime, check out Vlad’s post.

Comments closed

Troubleshooting SQL Server OS Error 5

Published 2025-01-02 by Kevin Feasel

Eitan Blumin works on getting access back again:

This error occurs when SQL Server lacks the necessary permissions to access a file or folder, typically during a database attachment. It’s an indication that SQL Server is being denied access due to insufficient permissions.

Read on for a few situations in which the error can occur, and what you can do about it.

Comments closed

Shared Semantic Models in Power BI

Published 2024-12-30 by Kevin Feasel

Soheil Bakhshi shares some data:

This blog series complements a YouTube tutorial I published earlier this month, where I quickly covered the scenario and implementation of shared semantic models in Microsoft Fabric. However, I realised this topic demands a more detailed explanation for those who need a deeper understanding of the processes and considerations involved in one of the most common enterprise-grade BI scenarios.

Read on for part 2 of this series. Soheil also includes a link back to part 1 if you missed it.

Comments closed

Securing a Kafka Ecosystem

Published 2024-12-24 by Kevin Feasel

Riya has a breakdown of how to protect your Apache Kafka installation and resources around it:

Apache Kafka is the backbone of many real-time data pipelines, making security an essential aspect of its deployment. Protecting your Kafka ecosystem involves implementing encryption to safeguard data, authentication to verify user identities, and authorization to control access. This guide provides a comprehensive overview of these three pillars of securing Kafka, complete with code examples to help you implement best practices.

Click through for demonstrations of encryption, authentication, and authorization.

Comments closed

Column Encryption in SQL Server

Published 2024-12-18 by Kevin Feasel

Rick Dobson encrypts a column:

I was recently assigned to work on a team who will implement column-level encryption and decryption solutions in SQL Server. Please introduce the basics of SQL Server encryption and decryption features. Also, provide a series of T-SQL samples for encrypting and decrypting data within the columns of a SQL Server table.

Always Encrypted can be better for the job, but sometimes, development or product limitations require using old-school column-level (or “cell-level” as people have called it) encryption. And it still works fine for the purpose of encrypting important data at rest.

Comments closed

Cannot Generate SSPI Context

Published 2024-12-06 by Kevin Feasel

Rob Farley troubleshoots a strange error:

Following an on-prem server reboot, anything that tried to connect to SQL Server on that server, using Windows Authentication, was getting an error:

The target principal name is incorrect. Cannot generate SSPI context.

Read on to learn more about the nature of this specific issue and the solution.

Comments closed

Roles and Privileges in Oracle versus PostgreSQL

Published 2024-11-22 by Kevin Feasel

Umair Shahid continues a series on migrating from Oracle to Postgres:

When moving from Oracle to PostgreSQL, one of the key differences lies in how each database handles roles and privileges. Oracle’s privilege model is deeply ingrained in enterprise systems, with fine-grained user controls and a strict distinction between users and roles. PostgreSQL, while just as capable, approaches roles and privileges differently, offering flexibility and simplicity, but it also requires a shift in mindset for Oracle users.

This article provides a practical guide for Oracle experts to understand and implement roles and privileges in PostgreSQL, addressing the structural differences, common challenges, and best practices to make this transition smooth.

Read on for the differences between the two platforms.

Comments closed

New Permissions and Database Roles in SQL Server 2022

Published 2024-11-14 by Kevin Feasel

Lori Brown builds a list:

Well…..I just learned about these and thought that it would be good to understand them a little more and have some links to read more about them. I honestly don’t have a lot of SQL 2022 servers in our customers SQL estate, so this has flown under the radar for me. This will be an attempt to put some spread-out information in a one-stop shop.

Click through for a table with information on roles, as well as lists for permissions.

Comments closed

Category: Security