At SQL Bits this year I attended a security presentation from Andreas Wolter. The session examined some attack methodologies, showing the flow that an attacker might go through to gain information about your database instance with SQL Injection. It's a scary and eye-opening talk, and one that I might recommend to all DBAs and developers so that they can understand the dangers involved with poorly coded applications.
One of the scariest attacks was the elevation of privileges from a web user to a sysadmin on an instance, mainly because of the Trustworthy setting being enabled. I had never imagined this as an attack vector, but it was disconcerting to say the least. However, it got me wondering about instances I've managed.
Would I detect if a new sysadmin were added? Or an existing user added to the role? I'm not sure I would, though that's certainly something I plan on setting up with some sort of monitoring to detect. I would guess that most DBAs, whether professional or accidental, might not catch this either, at least until some audit was performed. At that time it might be too late to protect your data, and certainly too late to protect your reputation.
Security is a tough topic, and it's an ongoing process to protect your systems. I hope to see more presentations like this at future events, and I'd encourage you to request them for any events you plan on attending. You can certainly do this for all SQL Saturday events (there's a "suggest a session" option on the schedule page).
Security requires vigilance and vigilance requires monitoring. Both of those also need knowledge, so be sure that you don't neglect the security of your SQL Servers and continue to educate yourself over time as well as implementing technical solutions.
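One way to answer the question raised above about whether a new sysadmin would be noticed, as an added example that is not from the presentation or the original editorial: baseline the current sysadmin members, list user databases that have TRUSTWORTHY on and a sysadmin owner, and record every server role membership change with SQL Server Audit. The audit name, specification name and file path are assumptions to adapt.

```sql
-- Added example. Audit_RoleChanges, AuditSpec_RoleChanges and D:\SQLAudit\
-- are assumed names; the audit folder must already exist.

-- 1. Baseline: current members of the sysadmin fixed server role.
SELECT m.name AS member_name, m.type_desc, m.is_disabled,
       m.create_date, m.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. User databases with TRUSTWORTHY ON whose owner is a sysadmin.
--    Review whether each one really needs the setting.
SELECT d.name AS database_name, SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
  AND d.database_id > 4   -- skip system databases (msdb ships with it ON)
  AND IS_SRVROLEMEMBER(N'sysadmin', SUSER_SNAME(d.owner_sid)) = 1;

-- 3. Record every add or drop of a server role member from now on.
USE master;
GO
CREATE SERVER AUDIT [Audit_RoleChanges]
TO FILE (FILEPATH = N'D:\SQLAudit\');
GO
ALTER SERVER AUDIT [Audit_RoleChanges] WITH (STATE = ON);
GO
CREATE SERVER AUDIT SPECIFICATION [AuditSpec_RoleChanges]
FOR SERVER AUDIT [Audit_RoleChanges]
ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 4. Review the recorded changes: who changed which role, for which login.
SELECT event_time, action_id, succeeded,
       server_principal_name        AS changed_by,
       object_name                  AS role_name,
       target_server_principal_name AS affected_login,
       statement
FROM sys.fn_get_audit_file(N'D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Scheduling query 4 in a SQL Agent job that emails any new rows turns the audit into the kind of monitoring the editorial asks for.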
Yesterday's Question of the Day
(by free mascot):
How is a row stored in memory-optimized table storage?
Answer: Rows are stored as individual rows.
The correct answer is "Rows are stored as individual rows". 8K pages are part of disk-based storage. Refer to the following link for details: