SQL Server Central
The Voice of the DBA
 

Minimally Viable Security

Security has been a constant concern for many IT professionals over the years. Many of us are trying to implement better security controls, and yet at the same time, we try to avoid anything that slows us down. Security clearly hasn't been a big enough concern, as we've had more than our share of SQL Injection issues. These often come about from poor practices, lack of education, and too many people not learning to adopt better habits over time.

We've also had no shortage of lost backups, open cloud buckets, and more over the years. While security (or cybersecurity) is listed as a concern for tech management, they are quick to avoid slowing down any development or deployment of software. While it is easier to get time for patching these days, it's still not easy. There are plenty of organizations that prioritize resources spent on tasks other than patching, upgrading systems, or training developers.

One of the ideas in modern software development is to often build an MVP, a minimally viable product, where we can test ideas and determine if our solution is worth pursuing. This could be a greenfield application, or even a feature enhancement to an existing system. In the age of GenAI, vibe-coding, and more, this might be MCP or agent-based AI additions to software that are being developed and enhanced rapidly, incorporating feedback from customers.

If we allow minimal amounts of features to test things, shouldn't we have minimal levels of security as well? That's the thrust of a blog post from Forrester that discusses how we might look forward in 2026 to protecting our digital systems. There ought to be a minimum set of controls, testing, and more that ensures we can build software that doesn't cost more from security issues than it generates in revenue. This might be especially important in the age of GenAI-coding where we can have less experienced engineers or even helpful agents committing lots of code they expect to deploy to production.

Education is important here to ensure everyone is aware of your MVS (minimal viable security) before they get too far along. It might be especially important in helping others guide their GenAI tools to ensure security is being considered early on. Adding in security requirements as a standard for your tools, such as in a Claude.MD file, is a best practice that should be required for all future software development. You never know who might start to add AI coding tools or agents to your codebase, so be prepared now.

Education isn't enough. It's too easy for someone to forget what they learned. It's also easy to assume many people have learned something when they haven't. To me, part of an MVS is ensuring you have a framework or platform that can test all code and ensure that your systems are being securely built and deployed. This includes third-party software, especially SaaS products, where vendors might be tempted to sell you their own MVP without any MVS.

Steve Jones - SSC Editor


 
 Featured Contents
SQLServerCentral Article

Loading a Database for USD$5

Steve Jones - SSC Editor from SQLServerCentral

See how Claude Code helped load a lot of messy data into a database for less than $5.

External Article

Optimize SQL Server Query without Changing the Query

Additional Articles from MSSQLTips.com

Sometimes we cannot improve query performance because we don’t have control over the code. Consider a query that is generated by Entity Framework (EF) from the application and you do not have access to the source code. The main question is how you can improve SQL Server query optimization for a poorly performing query?

Blog Post

From the SQL Server Central Blogs - Resetting on the AI hype train

K. Brian Kelley from Databases – Infrastructure – Security

There's a great article from MIT Technology Review about resetting on the hype of AI. AI's current state is somewhere between the die-hard evangelists and the doomsayers.

Blog Post

From the SQL Server Central Blogs - Monday Monitor Tips: Native Replication Monitoring

Steve Jones - SSC Editor from The Voice of the DBA

Redgate Monitor has been able to monitor replication for a long time, but it required some work from customers. Now we’ve added native monitoring. This is part of a...

Murach's SQL Server 2022 for developers

Site Owners from SQLServerCentral

Murach's SQL Server 2022 for Developers is a comprehensive guide to database design and management. This computer book teaches essential SQL statements through clear examples and practical exercises. The book's unique paired-pages format makes learning database software concepts easier, while providing in-depth coverage of database management fundamentals. Ideal for both beginners and seasoned developers seeking to enhance their data management skills.

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Encoding NULL

What is returned from this code in SQL Server 2025?
SELECT BASE64_ENCODE(NULL)


 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Multiple Escape Characters

In SQL Server 2025, I run this code (in a database with the appropriate collation):

SELECT UNISTR('%*3041%*308A%*304C%*3068 and good night', '%*') AS 'A Classic';

What is returned?

Answer: An error that the escape character is a single character

Explanation: This returns the following error:

Msg 9843, Level 16, State 0, Line 27
Unicode escape character '%*' is invalid. Unicode escape character should be of 1 character length and a code point ranging from U+0020 up to U+007E.

Only one character is used to escape Unicode codepoint values.

Ref: UNISTR - https://learn.microsoft.com/en-us/sql/t-sql/functions/unistr-transact-sql?view=sql-server-ver17


 

 

 

Database Pros Who Need Your Help

Here are a few of the new posts today on the forums. To see more, visit the forums.


SQL Server 2019 - Administration
Database file shrink issue. - Hi experts, I have a 3+ TB database on a 2019 SQL Server which has more than 50% free space. I know database or data file shrink is not a good practice, so please do not go there. I tried with 100 MB in a loop, which is taking a much longer time, so it's not feasible. […]
SQL Server 2019 - Agent job PowerShell step issue - I have a couple of SQL Agent job steps which run PowerShell commands of the form: Invoke-Command -ComputerName REMOTE -ScriptBlock {& "E:\Scripts\PowerShellScript.ps1" -ServerName "REMOTE\INSTANCE"} In each case, these steps have started failing with errors of the form: The job script encountered the following errors. These errors did not stop the script: Unhandled Exception: System.FormatException: Index […]
Analysis Services
Database backup job steps - I have a SQL Agent job for backing up a set of Analysis Services databases with each database covered by a different "SQL Server Analysis Services Command" job step of the form: { "backup": { "database": "CUBE NAME", "file": "CUBE NAME.abf", "allowOverwrite": false, "applyCompression": true } } However, if a database is added, deleted or […]
Editorials
The North Star for the Year - Comments posted to this topic are about the item The North Star for the Year
Finding Motivation - Comments posted to this topic are about the item Finding Motivation
The Side Job - Comments posted to this topic are about the item The Side Job
Happy Holidays, Let's Do Nerdy Stuff - Comments posted to this topic are about the item Happy Holidays, Let's Do Nerdy Stuff
Article Discussions by Author
Multiple Escape Characters - Comments posted to this topic are about the item Multiple Escape Characters
The Last Binary Value of the Year - Comments posted to this topic are about the item The Last Binary Value of the Year
SQL Art, Part 2: New Year Fireworks in SSMS - Comments posted to this topic are about the item SQL Art, Part 2: New Year Fireworks in SSMS, which is not currently available on the site.
Database security permissions save script - Comments posted to this topic are about the item Database security permissions save script
SQL Server 2025 Backup Compression Algorithm - Comments posted to this topic are about the item SQL Server 2025 Backup Compression Algorithm
The Large Encoded Value - Comments posted to this topic are about the item The Large Encoded Value
UNISTR Escape - Comments posted to this topic are about the item UNISTR Escape
SQL Server 2022 - Development
reaching ftp thru winscp but erroring in ssis ftp task connection - Hi, below I show various results trying to reach our FTP site (a Globalscape product) from both WinSCP and SSIS's FTP task as a certain user on a certain port. As far as I know, in WinSCP I choose FTP as the protocol even though it's more appropriately FTPS (not SFTP). In SSIS I tried […]
 

 

©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.