Don Kiely
Don Kiely, MVP, MSCD, is a senior technology consultant specializing in developing secure desktop and Web applications that integrate databases and related technologies, using tools including SQL Server, Visual Basic, ASP.NET, and XML. When he isn't writing software, he's writing about technology, speaking about it at conferences, and training others about it. Read his blog at http://www.sqljunkies.com/weblog/donkiely/.
Articles Authored
-
Never Write an Insecure ASP.NET Application Ever Again
Last updated: Wednesday, August 31, 2022
Published in: CODE Magazine: 2008 - January/February
One of the most important security principles for software development is least privilege. Simply put, least privilege means that an application, process, or user should have the least access to resources required to accomplish a task and no more. By following this principle, even if your application is attacked or a user goes on the payroll of your nastiest competitor, you’ll have limited the potential damage. Bottom line: implementing partial trust in ASP.NET is the single biggest thing you can do to make your applications secure.
-
Security in the CLR World Inside SQL Server
Last updated: Wednesday, August 31, 2022
Published in: CODE Magazine: 2006 - March/April
One of the major benefits of writing .NET code to run in the Common Language Runtime (CLR) hosted in any environment is code access security (CAS). CAS provides a code-based, rather than user-based, authorization scheme to prevent various kinds of luring and other code attacks. But how does that security scheme coexist with SQL Server 2005’s own, newly enhanced security features? By default your .NET code is reasonably secure, but it’s all too easy for the two security schemes to butt heads and cause you grief. In this article I’ll look briefly at the concept behind CAS and a few new security features in SQL Server 2005, then explore how to make the two systems work for you instead of against you as you take advantage of these advanced programming features in SQL Server.
-
SQL Server 2005 Secures Your Data Like Never Before
Last updated: Wednesday, August 31, 2022
Published in: CODE Magazine: 2005 - September/October
If you care about your data, you must upgrade to SQL Server 2005 the day it is released. There simply is no other option. An outrageous assertion? Perhaps. I tend to split my time equally between praising and bashing Microsoft, but the new security features and tools in SQL Server 2005 will be mandatory for protecting your data from today's increasingly sophisticated attacks. Most importantly, SQL Server 2005's many layers of security provide for defense in depth in which layer after layer of protection helps keep data safe.
-
Two Dozen of My Favorite System Stored Procedures
Last updated: Wednesday, August 31, 2022
Published in: CODE Magazine: 2005 - May/June
SQL Server 2000 is packed full of useful system stored procedures there for its own use that you can use as well. This article will explore a couple dozen of the most useful hidden gems you can use to more easily manage your databases, improve the applications that use the data, and provide new ways to impress potential mates at parties. You'll learn when to use these system stored procedures, explore when to use them, and see lots of code.