The SQL Server Defensive Dozen – Part 3: Authentication and Authorization in SQL Server