Database Engine Security Enhancements

New: 14 April 2006

The SQL Server 2005 Database Engine includes extensive new security mechanisms. Major additions include surface area reduction at installation, a surface area configuration tool, native encryption, integrated key management, granular authorization, configurable password policy, discrete execution context, and multiple proxy accounts.

Installation with Reduced Surface Area

All but the most essential features are either not installed by default or are disabled if they are installed.

For more information, see Setting Up Windows Service Accounts.

Surface Area Configuration

The SQL Server Surface Area Configuration Tool provides a graphical user interface (GUI) for configuring the server's externally visible security profile.

For more information, see Surface Area Configuration.

Native Encryption

Enhancements to Transact-SQL enable data encryption inside the database, supported by integrated key management infrastructure.

For more information, see Security Functions (Transact-SQL).

Granular Authorization

The authorization system has been greatly extended. Authorization is evaluated against parallel hierarchies of principals, securables, and highly granular permissions.

For more information, see Permissions.

Password Policy

SQL Server 2005 can apply the same complexity and expiration policies used in Windows Server 2003 to passwords used inside SQL Server.

For more information, see Password Policy.
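
The following T-SQL is an added example, not part of the original documentation. It creates a SQL Server login with the Windows policy checks turned on, audits existing SQL logins that bypass them, and enables the checks on one of those logins. The login names `app_reader` and `legacy_app` and the password are constructed placeholders.

```sql
-- 1. Create a SQL Server login that is subject to the Windows complexity
--    and expiration policies. MUST_CHANGE forces a new password at first
--    login and requires both checks to be ON.
--    (Login name and password are constructed placeholders.)
CREATE LOGIN app_reader
    WITH PASSWORD = '<ReplaceWithStrongPassword1>' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- 2. Audit: list SQL Server logins that are exempt from either check.
--    sys.sql_logins covers SQL-authenticated logins only; Windows logins
--    are already governed by the Windows policy.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
       LOGINPROPERTY(name, 'IsLocked')            AS is_locked
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
ORDER BY name;

-- 3. Remediate a login returned by the audit (legacy_app is a
--    hypothetical name). CHECK_POLICY must be ON before
--    CHECK_EXPIRATION can be ON.
ALTER LOGIN legacy_app
    WITH CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- Turning the checks on does not re-validate the current password;
-- complexity is evaluated the next time the password is changed.
```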

Execution Context

It is now possible to specify the security context under which statements in a module are executed.

For more information, see Module Signing.

Multiple Proxy Accounts

SQL Server Agent supports multiple proxy accounts (one per job subsystem).

For more information, see Creating SQL Server Agent Proxies.
