This editorial was originally published on July 27, 2009. It is being re-run as Steve is out on vacation.
A recently published report shows how Social Security numbers, an important piece of identity information in the US, can be predicted. According to this C|Net article, this could result in massive fraud if someone's birthday is disclosed.
So many sites want to get this piece of information from you, often to ping you on your birthday or give you some gift. I've always been wary, however, and usually put in April 1 instead of my real birthday. It makes for lots of birthday wishes on that day, but that's OK. I appreciate the thoughts, even if they are a few months off.
This does highlight the danger of using an algorithm to generate data. Unfortunately, there are plenty of people out there who will maliciously find ways to misuse data, and if they can guess how you generated the data, they can extrapolate from that to calculate what other data might exist in your system. I know most people who need to generate codes often don't spend a lot of time ensuring they've picked a good method from a security point of view.
The key here is to keep pieces of information somehow separate, to make it more difficult for a criminal of some sort to perform the extrapolation. That gets harder and harder to do, primarily because of the job many of us do. We gather data into SQL Server and other platforms, and make it easy to put this data together.
As with many of the problems I see in today's world, I don't have a perfect solution to this problem. However, I think that many of us handle data insecurely, often comparing actual values when a hash or digital signature might work instead. I know some of that is because we don't have great tools for working with digital signatures, but also because it's a complex process.
Credit card companies, banks, and other institutions often have complex rules for how they handle and process data. I think more of their secure methods of handling data should be published and taught so that other companies can better learn how to build more secure applications.
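As an added example (not part of the original editorial), here is one way to compare a hash instead of the actual value for a nine-digit identifier, and why the hash needs a secret key when part of the value is guessable. The function names, the sample value, and the assumption that the first five digits are already known are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: in a real system this key comes from a key vault or HSM,
# never from the same database that holds the digests.
INDEX_KEY = secrets.token_bytes(32)

SAMPLE = "000-12-3456"  # constructed value; area number 000 is never issued


def normalize(value: str) -> bytes:
    """Strip separators so '000-12-3456' and '000123456' hash identically."""
    digits = "".join(ch for ch in value if ch in "0123456789")
    if len(digits) != 9:
        raise ValueError("expected nine digits")
    return digits.encode("ascii")


def unkeyed_digest(value: str) -> str:
    """Plain SHA-256: anyone can recompute it for any candidate value."""
    return hashlib.sha256(normalize(value)).hexdigest()


def keyed_digest(value: str, key: bytes = INDEX_KEY) -> str:
    """HMAC-SHA-256: stored and compared in place of the raw value."""
    return hmac.new(key, normalize(value), hashlib.sha256).hexdigest()


def matches(candidate: str, stored: str, key: bytes = INDEX_KEY) -> bool:
    """Constant-time comparison of a submitted value against the stored digest."""
    return hmac.compare_digest(keyed_digest(candidate, key), stored)


def recover_from_prefix(stored: str, prefix: str) -> Optional[str]:
    """Audit check: with five digits known, only 10,000 candidates remain."""
    for n in range(10_000):
        guess = f"{prefix}{n:04d}"
        if hmac.compare_digest(unkeyed_digest(guess), stored):
            return guess
    return None


if __name__ == "__main__":
    print("unkeyed recovered:", recover_from_prefix(unkeyed_digest(SAMPLE), "00012"))
    print("keyed recovered:  ", recover_from_prefix(keyed_digest(SAMPLE), "00012"))
    print("legitimate match: ", matches("000123456", keyed_digest(SAMPLE)))
```

The unkeyed digest gives the value back after at most 10,000 guesses, while the keyed digest still supports equality matching but cannot be enumerated without the key.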
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.