Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Avoid This Time Scheduling Mistake

I was recently asked by a project manager to lay out when DBAs would accomplish certain tasks for a particular project. The primary DBAs would be me and a co-worker. We're under a tight schedule with respect to the project, so I fell into a trap that I should have… Read more

Consider All the Possibilities When Troubleshooting

When you are troubleshooting, the rule is if you've checked the obvious possibilities and still haven't solved the problem, it's time to expand to the unlikely ones. This is true even if the evidence would seem to rule out a possibility or if what you have for facts seem to… Read more

1 comments, 1,078 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 28 January 2013

Cash Over Credit

What does cash over credit have to deal with security? An awful lot, as it turns out.

Personal Story: Mere days after my family and I enjoyed a meal from this eating institution, I learn that there has been a potential data breach.

Let's assume the organization… Read more

Rename the SQL Server Management Studio shortcut

Jorge Segarra (blog | twitter) was giving a presentation and he remarked on how the SQL Server Management Studio shortcuts have the same name. If you're like most of us, you're working with multiple versions of SQL Server and have to have multiple versions of the tools installed… Read more

1 comments, 6,887 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 11 January 2013

Observe Carefully When Things Are Running Fine

Cross-posted from The Goal Keeping DBA blog:

As a worker in information technology, I’ve always been a big proponent of studying systems when they are working. I’ve also said that doing so helps me immensely when troubleshooting. However, I’ve never studied why that’s true. There’s a scientific explanation… Read more

2 comments, 1,708 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 10 January 2013

Speaking at Midlands PASS in February

On February 12th I'll be giving a SQL Server Security Refresher for Midlands PASS at Microstaff IT in Cayce/West Columbia, SC.


Register here to attend (so we know how much food to bring)


I'm dropping SQL Server 2000 from my presentations as it's end of life. We'll… Read more

Re-Awarded as a Microsoft MVP

Yesterday (January 1) I received the email indicating I was re-awarded as a Microsoft MVP, once again in SQL Server. I enjoy participating in our great community and recognition as an MVP is a bonus.

As others have indicated, obtaining an MVP award is based on subjective criteria not made… Read more

Looking Forward to the New Year - Professional Goals

Most folks make New Year's resolutions of things they want to do over the course of the next 364/365 days. Let me challenge you not to do that. Most of the time when folks make resolutions, they are simple, wishful statements that are effectively meaningless. For instance, "I want to… Read more

Are You a Chessplayer?

I was having a twitter coversation with @dataartisan about chess. He remarked that playing on-line with random folks didn't strike him as very much fun. Truth be told, I'd rather play a game with folks I know, even if it's only been a short time, than folks I don't. That made me… Read more

Are Your Protecting Your DB Backups?

Folks have cited the recent InformationWeek article on how South Carolina's Department of Revenue was hacked because the SC state government basically said, "It's the IRS' fault for not telling us we should encrypt social security numbers." I'm not going to touch that. It stands on its own for its foolishness.… Read more

1 comments, 1,786 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 27 November 2012

Server Level Security

 We'll discuss surface area later in the week. Today let's talk about if you're able to connect to SQL Server. Connecting to SQL Server and actually logging in are two different things. I can run a scanner and detect SQL Server is present and then launch a telnet session. That… Read more

0 comments, 1,995 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 6 November 2012

SQL Server Security: The Sum of Its Parts

When it comes to attacking SQL Server, whether we're talking about the security of an installation or as a piece towards a larger solution, I first stop and realize that SQL Server is the sum of its parts. For instance, take SQL Server installed on a VM. Areas that concern… Read more

0 comments, 1,075 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 5 November 2012

Preparing for Certification

One of my goals back when I was a young MCSE (that's Microsoft Certified System Engineer for NT4, not the new certs) was to one day be certified as a Microsoft Certified Trainer. I realize that being an MCT is like being a Ph.D. There are some super sharp ones and there… Read more

0 comments, 1,034 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 22 October 2012

MS12-070 - Should I patch more than Reporting Services?

If you're dealing with a version of SQL Server greater than SQL Server 2000, at this point I'm going to say yes. The reason I say yes is looking at the files that are updated. For instance:

Read more

1 comments, 1,394 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 11 October 2012

Slides and Scripts from Idera Auditing SQL Server presentation

I had a few folks ask me for the slides and SQL scripts from the Auditing SQL Server webinar I gave for Idera. You can find them together in this .zip file:


Thanks for those who attended. If you weren't able to make the webinar, it's archived here: Read more

Microsoft Security Bulletin MS12-070 for SSRS

Today is black Tuesday for October 2012. One security bulletin is specifically for a component of the SQL Server stack: SQL Server Reporting Services. Here's the write-up from Microsoft:

Microsoft Security Bulletin MS12-070

This affects from SQL Server 2000 Reporting Services through SQL Server 2012 Reporting Services, all supported versions.… Read more

Kathi Kellenberger speaking at Midlands PASS

On October 17th, Midlands PASS will welcome Kathi Kellenberger to speak on T-SQL 2012. Here's what her talk will be on:

You have heard all about AlwaysOn, BI Semantic Model, and Power View. Did you know that SQL Server 2012 has a host of new T-SQL features? Attend this session… Read more

Webcast on SQL Server Auditing on October 9th

Idera will be re-broadcasting that I recorded earlier in the year on meeting audits with SQL Server. It's scheduled for October 9th at 10 AM PT/12 PM CT/1 PM ET. I'll be on afterwards for a live Q and A session. If you didn't get a chance to see it… Read more

Participate in the PASS Election Process

Once again it is time for the Professional Association for SQL Server (PASS) Board of Directors election. This year there are three seats available and five candidates vying for those seats. You can begin the process of learning about the candidates here:

PASS Elections Site

If you want to interact with… Read more

0 comments, 700 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 26 September 2012

The Reason I Won't Be at the PASS Summit This Year

We welcomed daughter #3 and child #5 into this world on Saturday at 9:43 AM. She came a bit earlier than expected, but mom and baby are both doing fine. Her siblings are ecstatic, especially her oldest sister (now 7 years old). With her birth, the balance of power has… Read more

7 comments, 987 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 24 September 2012

Newer posts

Older posts