This editorial was originally published on Apr 24, 2014. It is being re-published as Steve is out of the office.
Would you post your password on a wall in your office? Of course not, because other employees, the cleaning crew, even guests walking around your office would be able to access your system with your account. When I read Brian Kelly's post on passwords in files, that's what I thought of. Sticking credentials in a file, where they're subject to any kind of search, is a bad idea.
However, this happens all the time. Combine this with a few other "common practices" like using sa to connect to a database and building dynamic SQL, and you might as well just set blank passwords and invite someone to have fun with your database. It's sad that we continue to see these types of software development practices in 2014, and especially poor to see them from companies that sell software.
There is so much information out there on building software that is of higher quality and is much more secure. However, all too often I find developers just aren't implementing these practices. There are probably a myriad of reasons why, and I wish we had more ways to better train people, disseminate the information, and enforce its use.
Ultimately, we can only do what we can. However, I'd encourage those of you that see poor practices taking place to have a word with the developer (internally), or send a note to the vendor. If it's more important to make a few more dollars than implement better practices, I'd encourage you to publicly call some attention to the matter. Maybe a little exposure to the dark side of software development will pressure managers to require more secure work over time.
Question of the Day
Today's Question (by Steve Jones):
My system has the MAXDOP set at 8 to prevent a query from using all 16 cores. For my index rebuild, I want this to complete as quickly as possible overnight and use all 16 cores for only the index rebuild. What is the easiest way to do this?
This question is worth 1 point in this category: Indexing.
Yesterday's Question of the Day (by Steve Jones):
I want to import a file into my R session. The file is loaded in f:\datasets\NFL. However, when I try to read the file, I get this:
> read.file("2016QB.tsv", sep="\t")
Error: could not find function "read.file"
I need to set the working folder of my session. How can I set this to the correct folder?
The correct answer here is the setwd() function with the path included. The path needs forward slashes to work.
The backslash is an escape character in R. An alternative for doing this is :