Database security used to be a simple matter of access control. Break your users into task groups, then assign each group the permissions its members require. How times have changed! No SQL Server professional today would ever think of releasing a database without first checking it for security vulnerabilities such as weak passwords or porous firewalls. But how do you know whether you've verified every essential security setting? Forget to lock down your installation folders or disable your server's Guest account, and just like that, you're toast!

The...