Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Being a Better IT Pro - Grammar

In my IT career, one of the things I have found that sets me apart is my ability to write. As IT pros, we write a lot. Whether we're talking email or documentation, senior level IT workers are always writing. However, not all of us graduated college with a degree… Read more

21 comments, 4,717 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 23 December 2013

Speaking at SQL Saturday #233 - Washington, DC

For those who will be at SQL Saturday #233 in Washington, DC, I’ll be giving my professional development talk, Being the Swiss Army Knife of DB Pros, at 9:45 AM.

My career is ever evolving and so is my talk. For instance, I have just returned to the role… Read more

Free Online SQL Server Training for the Week of November 24, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Monday, Nov 25:

Read more

2 comments, 3,304 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 22 November 2013

Free Online SQL Server Training for the Week of November 17, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org. All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com. Tuesday, Nov 19:

Read more

What If Someone Tampered with the Process?

I’m a big fan of automation. Automation means I can do more. Automation means I eliminate the mundane stuff to focus on critical things. I like automation as an IT professional. However, as a security professional, a question that is ever present in my mind is,

“What if someone tampered…

Read more

Recording of SQL Injection Webcast Now Available

On Tuesday I gave a webcast along with MSSQLTips on SQL Injection. If you were unable to attend (or were able to attend and want to see it again), you can view it at the following link [registration required]:

SQL Injection: What it is, how it happens and how to…

Read more

Free Online SQL Server Training for the Week of November 10, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org. All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

 

Tuesday, Nov 12:

Read more

New Performance Tips eBook Out from Red Gate

Not too long ago Red Gate asked for quick tips on SQL Server performance intended for developers. I sent a couple in. They've compiled those tips into a free eBook format. If you want to download it:

45 Database Performance Tips for Developers

Read more

0 comments, 1,026 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 4 November 2013

Free Online SQL Server Training for the Week of November 3, 2013

I'm trying to re-establish this running guide to free online training for the following week. If you're a training provider and I've missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org. All times are Eastern (New York). To convert to your local time, use… Read more

0 comments, 1,045 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 31 October 2013

Is There Interest in SQL Server Security Pre-Cons?

I’m very passionate about security, especially database security. As the numbers with regards to data breaches continue to climb, this is become even more important to me. I’ve been affected personally by data breaches, as have many others. For instance, I’ve had to change out my credit cards due to… Read more

SQL Injection Webcast on November 5, 2013

On November 5th, in conjunction with MSSQLTips, I'll be giving a webinar on SQL Injection. It will be at 2 PM Eastern (New York).

SQL Injection: What it is, how it happens and how to stop it?   [registration required]

 

The agenda for this webinar is:

  • Who Is…

Read more

4 comments, 1,643 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 29 October 2013

Review: SQL Server Transaction Log Management

Book Details:

SQL Server Transaction Log Management 
Davis, Tony and Shaw, Gail 
Simple Talk Publishing, October 2012.

Free PDF download

Do I Recommend This Book?

Yes, I recommend this book for any DBA working with Microsoft SQL Server. Gail and Tony do an excellent job of covering how… Read more

Architecture Reasons for Putting BLOBs in the Database

I was participating in a Twitter Chat looking at what suggestions and recommendations for developer on how to make the best use of SQL Server. One of the points that came up was about BLOBs (Binary Large OBjects) within the database. The general recommendation is to keep BLOBs out of… Read more

5 comments, 1,767 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 24 October 2013

Speaking Twice on Oct 1, 2013

Carolina Technology Conference:

To start things off, I'll be speaking in the morning at the Carolina Technology Conference. I have a 40 minute slot from 10:05 - 10:45 AM Eastern. I'm shooting for a 30-35 minute presentation with 5-10 minutes of questions. Here's the information on the talk:

  Read more

0 comments, 509 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 30 September 2013

PASS BoD: I'm voting for Allen Kinsel

There are some very good names up for this year's PASS Board of Directors. However, I wanted to write a post about one guy in particular: Allen Kinsel. Why Allen?

 

Allen is "Good People:"

That's a saying we have in the South when we describe someone we respect and… Read more

2 comments, 575 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 23 September 2013

Installing SQL Server 2008 on a machine with .NET Framework 4.0? Read this.

The SQL Server Premier Field Engineer blog has a post about an issue with installing SQL Server 2008 on a system where the .NET Framework 4.0 is already installed:

 

SecurityException / 'The process was terminated' errors installing SQL 2008 when .Net Framework 4.0 is installed

 

The first workaround… Read more

0 comments, 461 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 23 September 2013

Don't Rush When It Comes to Privacy Data

The Dataloss list sent the following article through yesterday afternoon:

 

Obamacare Employee Accidentally Sends Out 2,400 Social Security Numbers

 

This is concerning, but I hate to say it, not unexpected. We know that the weakest link in security is always people. Likely a worker was trying to be… Read more

1 comments, 493 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 17 September 2013

Why Government Required Backdoors Are a Bad Idea

I've heard the argument, "I've got nothing to hide. If it helps them catch the next guy, I'm all for it." Even if that's 100% true and even if every single person in goverment with access to the data is 100% genuine and sincere in doing his or her job,… Read more

7 comments, 1,963 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 11 September 2013

Database DoS Whitepaper from Securosis

Securosis has released a whitepaper on their research with regards to database denial-of-service attacks. This whitepaper is platform agnostic. It does mention specific vulnerabilities that have been exposed and attacked with respect to database platform, but only to the extent that they show it's a universal problem.

One of the… Read more

0 comments, 431 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 11 September 2013

Sometimes I don't understand Microsoft's vulnerability classifications

Here's a great example:

 

  MS13-079 - Vulnerability in Active Directory Could Allow Denial of Service (2853587)

 

Basically, this patches a vulnerability where an attacker can send a specially crafted LDAP query to an Active Directory domain controller and cause the LDAP service to fail. Here's the attack scenario I see: Read more

0 comments, 347 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 10 September 2013

Older posts