Database Engine Security Enhancements
New: 14 April 2006
The SQL Server 2005 Database Engine includes extensive new security mechanisms. Major additions include surface area reduction at installation, surface area configuration tool, native encryption, integrated key management, granular authorization, configurable password policy, discrete execution context, and multiple proxy accounts.
Installation with Reduced Surface Area
All but the most essential features are either not installed by default or are disabled if they are installed.
For more information, see Setting Up Windows Service Accounts.
Surface Area Configuration
The SQL Server Surface Area Configuration Tool provides a graphical user interface (GUI) for configuring the server's externally visible security profile.
For more information, see Surface Area Configuration.
Native Encryption
Enhancements to Transact-SQL enable data encryption inside the database, supported by integrated key management infrastructure.
For more information, see Security Functions (Transact-SQL).
Granular Authorization
The authorization system has been greatly extended. Authorization is evaluated against parallel hierarchies of principals, securables, and highly granular permissions.
For more information, see Permissions.
Password Policy
SQL Server 2005 can apply the same complexity and expiration policies used in Windows Server 2003 to passwords used inside SQL Server.
For more information, see Password Policy.
Execution Context
It is now possible to specify the security context under which statements in a module are executed.
For more information, see Module Signing.
Multiple Proxy Accounts
SQL Server Agent supports multiple proxy accounts (one per job subsystem).
For more information, see Creating SQL Server Agent Proxies.