The Azure Security Podcast Episode 114: SQL Server 2025 Security Improvements
Jun 9, 2025
Join Pieter Vanhove, a Product Manager at Microsoft specializing in data security, as he delves into the exciting security advancements in SQL Server 2025. The discussion covers enhanced user authentication and a shift away from traditional passwords towards managed identities. Pieter highlights significant improvements in the Tabular Data Stream protocol, making TLS upgrades smoother. He also shares insights on cache invalidation enhancements that elevate server performance without compromising user experience, showcasing the latest trends in data security.
AI Snips
Chapters
Books
Transcript
Episode notes
Eliminate Credentials with Managed Identity
- Use managed identities on ARC enabled machines to eliminate credentials for Azure Active Directory authentication.
- This enables credential-free backups and restores by leveraging the VM's managed identity for access control.
Stronger Password Hashing Algorithm
- SQL Server 2025 uses PBKDF with 100,000 iterations to hash login passwords enhancing security against brute force attacks.
- Password hashes include a version byte indicating which algorithm version is in use, improving transparency and upgrade paths.
Modernized RSA Encryption Padding
- SQL Server 2025 replaces RSA PKCS 1.5 padding with OAEP padding for certificates and asymmetric keys.
- This mitigates significant security weaknesses and protects against padding oracle attacks.
