Skip to main content
Mitch Irsfeld

TechNet Flash, Volume 13, Issue 16 - July 27, 2011
TechNet Flash Editor's Note from Mitch Irsfeld

Moving a database management system to the cloud, in whole or in part, necessarily alters the way you approach security, but you'll quickly find out that securing a SQL Azure cloud database is similar to securing access and applications for SQL Server. In the new TechNet feature package, we look at the various features and techniques available to secure your SQL Azure installation.

Josh Hoffman's Securing SQL Azure in TechNet Magazine is great place to start. He takes you through the prerequisite process of setting up a Windows Azure account, which provides access to Azure services such as SQL Azure.

Hoffman also discusses network access control with the SQL Azure Firewall, the authentication method in SQL Azure and the connection encryption via TDS over an SSL connection.

The SQL Azure team goes into detail on all these topics, and to make it easy to find and move among topics, they have published their SQL Azure Security content to the TechNet Wiki. Starting out, you'll find that SQL Azure only supports encrypted connections and has two types of access control. As with any implementation of SQL Server, accounts are managed with SQL Authentication. And the SQL Azure Firewall restricts access by IP address. For more on these security methods, see the Overview of Security in SQL Azure and the Security Guidelines for SQL Azure.

When managing logins and users in a SQL Azure database, there are some restrictions. In his video demonstration How Do I: Configure SQL Azure Security?, Max Adams walks through the creation of logins, databases and users, and how to view logins and databases from the master database.

Finally, some common sense best practices can make your SQL Azure database applications less vulnerable to threats:

  • Always use the latest updates and the most current version of tools and libraries.
  • Block inbound connections on TCP port 1433. Only outbound connections on TCP port 1433 are needed for applications to communicate with SQL Azure Database.
  • Use parameterized queries where possible to prevent SQL injection vulnerabilities.

Thanks for reading,

Mitch Irsfeld
Editor, TechNet Flash

Subscribe to the TechNet Flash Feed blog for news updates as they happen, often several times a day.