gMSA and SSL in SQL, a true journey

Info Lately when I set up a Microsoft SQL server I’ll always implement SSL and a gMSA account to run SQL from. Why? Convince yourself reading this blog post. Because this post focuses on a specific issue, I’ll not explain implementing SSL as such. Here’s the Microsoft documentation I follow for my implementations: https://support.microsoft.com/en-us/help/316898/how-to-enable-ssl-encryption-for-an-instance-of-sql-server-by-using-mi This …

Continue reading "gMSA and SSL in SQL, a true journey" »

How to prevent man in the middle SQL injection attacks

As a SQL engineer with an interest in security I’m convinced that security is a concept that should be implemented throughout an organization. Just placing a (properly configured) firewall and forcing password policies doesn’t suffice. In light of that last statement I wondered whether or not it was possible to gain access to a MS …

Continue reading "How to prevent man in the middle SQL injection attacks" »