This is not how you handle things. When you find security issues, and they don't get fixed, it's one thing to attempt to prove a point with a pen test. It's quite another to publicly expose information. You might find yourself in trouble, and you should be in trouble. This is a violation of the professional responsibility you undertake when working for someone.
This is the type of frustration that occurs in many IT workers. I've seen more than a few people working in technology who are sure they know how to properly configure and manage an application. They know how to set up security, and they become upset with a company that doesn't do a good job of running internal systems. They know that the architecture chosen for their application will fail when a load is applied.
There are some smart people in IT, but sometimes they think they're smarter than they are. Bad design, bad decisions, mistakes, even poor security practices will occur. However, it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.
When you find problems in your organization, it is your responsibility to report them. I hope you think it's your job as a professional to do the best job you can, following the best practices as we know them. It's also your decision to choose to leave a job if you can't go along with, or abide by, the decisions made by your management.
If your company has chosen poorly in their technology decisions, I understand your frustration. I've often shared it, but I'd advise you to do what I've done. State your objections and either support the chosen path or find another job.
Steps to install Service Pack for SQL Server 2005 on multiple instances in one go:
Step 1: First page of...
Question of the Day
Today's Question (by Stuart Davies):
Assuming xp_cmdshell is enabled, how many rows will there be in the output file (C:\Exports\data.csv) from the following script?
CREATE TABLE #Employee
[UniqueId] [int] IDENTITY(1, 1)
NOT NULL ,
[EmployeeName] [char](10) NULL,
INSERT INTO #Employee
DECLARE @BcpCommand VARCHAR(250)
SELECT @bcpcommand = 'bcp "SELECT EmployeeName FROM #Employee WHERE UniqueId <= 7" queryout "C:\Exports\data.csv" -c -T '
EXEC master..xp_cmdshell @bcpcommand, NO_OUTPUT
DROP TABLE #employee
This question is worth 2 points in this category: T-SQL.
Yesterday's Question of the Day
(by Sarvesh Gupta):
Which of these describes how a correlated subquery is processed?
Answer: Uses the result of an inner query to determine the processing of an outer query.
The correct answer is C.
A correlated subquery uses the result of an inner query to determine the processing of an outer query.
This newsletter was sent to you because you signed up at SQLServerCentral.com.