Summary

SQL Server 7 dramatically improved the integration of SQL Server with the Windows operating system. Windows integrated security provides secure authentication services, and SQL Server provides full discretionary access control. Permissions in SQL Server are assigned to database users, not to SQL Server logins. You use this mechanism to isolate applications and users among multiple databases while still using a single instance of SQL Server. Permissions in general are restrictive rather than permissive. Therefore, by default when you create a new object, no one but the creator can access the object. This is different from in Windows, where in general everyone on a machine has access to a file until you secure it.

SQL Server 2000 goes even further in integrating with Windows, allowing full integration with Windows 2000 features such as Kerberos and client delegation. SQL Server 2000 introduces full auditing capabilities, including an easy-to-use graphical interface for viewing and saving the audit logs. SQL Server 2000 also supports C2-style auditing for applications that must perform a full security audit. SQL Server 2000 also extends the protection provided by the server across the network. You can encrypt all communications with SQL Server without using IPSec in Windows 2000, via the SSL/TLS mechanisms and X.509 certificates.

These features and more provide you with a secure database platform that will continue to take advantage of the capabilities of future releases of Windows. SQL Server is inherently secure and can protect your data fully. You should take advantage of the Windows 2000 platform by installing SQL Server in a secure way (that is, into an NTFS partition) and using the Windows 2000 security features available to you, such as encrypting your data files with the Encrypted File System.