We’re seeing more and more GDPR-style laws coming out from various governments. With the GDPR starting to do enforcement at long last, it’s pretty clear that privacy and protection are a growing concern. Add to this the fact that SQL Injection is still an issue, along with all the other ways you can get hacked. Let’s face it. We have to secure our servers better.
SQL Census
The Redgate Foundry is pretty much what it sounds like, a place to build tools. Basically, it’s where pie-in-the-sky style experimentation takes place at Redgate. That’s not to say that we don’t also do very down-to-earth experimentation. In fact, for this whole privacy and protection thing, we’re working on a number of tools. The one I want to draw your attention to right now is SQL Census.
This is basically a tool to get the security on your SQL Server instances under control and under management. SQL Census will help you set best practices, understand what permissions you’re dealing with now, and put together reports for auditing or even a Data Impact Assessment (a requirement for GDPR compliance).
You can get a copy of this tool right now to try it out and to help us set direction on it. Follow the SQL Census link above to learn more. You can also see the tool in action this week, Wednesday, December 12, at SQL in the City Streamed, so make sure you put some time aside.
Security has moved on from being a nice-to-have afterthought that we’ll get to LATER. Security, privacy and protection are now fundamentals of the legal underpinnings of data management. Your business cares about security (or soon will), so you have to as well. Please, check out how Redgate can help.
@Grant – I don’t know if you are able to do anything about this, but in order to participate (i.e. comment/feedback) for this tool at Redgatefoundry.com you’re required to log in either with your Microsoft account or GitHub account, and then you’re asked to provide the Redgatefoundry site the permissions to “Sign you in and read your profile” and “access your data anytime”. This is unacceptable, and I find it uncanny that a site promoting the testing and feedback of a tool about security requires the user to hand over access to their own account from a different site/company.
How are those of us who are serious about security supposed to take a company seriously when they don’t appear to practice the security they are promoting?
Thank you for all you do
Bringing this up with the team right now.
Hi there, I’m Doerte from the SQL Census team. You raise a valid point and I’d like to clarify that while Microsoft’s permission dialogue mentions accessing your data anytime, we’re not actually requesting more access than we need to. We’re specifically not requesting the offline_access scope, contrary to what the dialogue suggests.
By using GitHub and Microsoft as authentication providers, we’re essentially getting a verified email address from them that belongs to you. We’re using OpenID as a mechanism for retrieving that email address, which involves you authorising access by our application to your data. For GitHub, the authorisation scope we’re requesting is user:email, for Microsoft it is User.Read.
If you’re using a personal Microsoft account to log in, the dialogue doesn’t mention anything about offline access. We agree that the message isn’t reassuring so we’re going to raise this with Microsoft support.
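The comment above describes the mechanism: the app sends the user to GitHub or Microsoft, asks only for the scope needed to get back a verified email address (user:email, User.Read), and does not ask for offline_access. The following is an added illustration, not Redgate's or SQL Census's code, of what such a minimal-scope authorization request looks like and of a scope audit that flags anything broader than the minimal set. The client id, redirect URI and state value are constructed placeholders; requesting openid alongside User.Read is my assumption about how an OpenID Connect login to Microsoft would be wired, not something the comment states.

```python
"""Minimal-scope OAuth / OpenID Connect authorization requests.

Added illustration (not Redgate's code). Builds the authorization URL an
app would redirect the user to, requesting only what is needed to learn a
verified email address, and audits a scope list for anything broader.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Real authorization endpoints of the two providers.
GITHUB_AUTHORIZE = "https://github.com/login/oauth/authorize"
MICROSOFT_AUTHORIZE = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
)

# Minimal scopes per provider. user:email and User.Read are the ones named
# in the comment; adding "openid" for Microsoft is an assumption (it is what
# turns the flow into an OpenID Connect login that returns an id_token).
MINIMAL_SCOPES = {
    "github": {"user:email"},
    "microsoft": {"openid", "User.Read"},
}


def build_authorize_url(provider, client_id, redirect_uri, scopes, state):
    """Return the URL the user is sent to for the given provider.

    `state` is an unguessable per-login value; it is echoed back on the
    callback and lets the app reject redirects it did not initiate.
    """
    scope_param = " ".join(sorted(scopes))  # both providers accept space-delimited scopes
    if provider == "github":
        endpoint = GITHUB_AUTHORIZE
        params = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "scope": scope_param,
            "state": state,
        }
    elif provider == "microsoft":
        endpoint = MICROSOFT_AUTHORIZE
        params = {
            "client_id": client_id,
            "response_type": "code",
            "redirect_uri": redirect_uri,
            "response_mode": "query",
            "scope": scope_param,
            "state": state,
        }
    else:
        raise ValueError(f"unknown provider: {provider}")
    return endpoint + "?" + urlencode(params)


def requested_scopes(url):
    """Parse the scope parameter back out of an authorization URL."""
    query = parse_qs(urlparse(url).query)
    return set(query.get("scope", [""])[0].split())


def audit_scopes(provider, requested):
    """Return the scopes that go beyond the minimal set for this provider.

    An empty result means the request asks for nothing more than a one-time
    identity lookup; offline_access or any mail/file scope would show up here.
    """
    return set(requested) - MINIMAL_SCOPES[provider]


def check_callback(query_string, expected_state):
    """Validate the provider's redirect back to the app.

    The state must match the value generated for this login (otherwise the
    callback may have been forged), and an authorization code must be present.
    """
    query = parse_qs(query_string)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


if __name__ == "__main__":
    # Constructed placeholder values; not a real registered application.
    state = secrets.token_urlsafe(16)
    for provider in ("github", "microsoft"):
        url = build_authorize_url(
            provider, "example-client-id", "https://app.example/callback",
            MINIMAL_SCOPES[provider], state,
        )
        print(provider, "requests:", sorted(requested_scopes(url)))
        print("  excess scopes:", audit_scopes(provider, requested_scopes(url)))
    # What the dialogue in the comment would correspond to if it were asked for:
    print("offline_access flagged:",
          audit_scopes("microsoft", {"openid", "User.Read", "offline_access"}))
```

Run the module directly to see both providers' requests and an audit of a request that wrongly includes offline_access. The useful habit is to run `audit_scopes` against whatever scope string the app actually sends, not against what the permission dialogue says; the comment's point is that the two can differ.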
Thanks for following up on this, and apologies for taking so long to reply myself; we’re doing a major cloud migration and despite the vendor’s sales folks talking about how it’s all magical and full of joy and rainbows (the cloud, that is), the real-world cloud is… not rainbows and joy.
And by selecting the PERSONAL account with Microsoft it still requires that I give you access to read my profile, and while that’s a lot better, it’s still not what it should be. The permissions should be limited to authorizing the user and nothing more. I am, however, very pro-security. If you try to search on my real name you won’t find a picture of me anywhere; same goes for my family. We’ve worked hard to keep our data/info as secure as we can, thanks to the exploitative practices of social media platforms/systems.