SQL Server 2005 comes with enhanced security features to make administrator life more easier and manageable at the same time some of the features provides developers flexibility to develop applications with the privileges they need without compromising the security. Code execution inside SQL Server can now be managed through a mix of Windows, native SQL Server security and .Net Code Access Security. A good news: now SQL Server users could be mapped with Windows credentials, means SQL Server can now access file and network resources, cool. Well, SQL Server is following the "Trustworthy Computing" so the features that requires more attention will be disable by default, no worries if you are a beginner and say - thanks to Microsoft. For example HTTP ENDPOINTS - a feature which enables SQL Server to expose stored procedures as WebService, disables by default.

A good new which I like the most, there is no more SQL only users in SQL Server 2005. What does it mean? it means SQL Server 2005 allows not only its local users but also Windows users to access the database. Not only this but you can also configure either SQL Server or Windows (local or Active Directory) or both can access.

If the administrator has applied security by configuring the Windows Authentication, then who ever loggedin to the database goes through the same credential policies as Windows users, it means all those rules which are part of Windows Authentication will be applied to the SQL Server users.

There is a lot more on Security inside SQL Server 2005 and will come up with them in the coming posts.

Cheers.