Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
Featured Script
Redgate SQL Change Automation
The Voice of the DBA
 

IT Staffer Fired

In the early 2000s, it seemed that many companies were hit with a rash of virus attacks on their networks. Certainly the SQL Slammer worm affected many of us, and it was a memorable week for me. I returned from vacation to get a call late on Sunday night informing me of issues. I spent a long work working with network people and Microsoft to rid our (shut down) network of the worm, a difficult process with a wide deployment of MSDE instances installed in non-standard locations.

Not long after this, we had another virus invade our network and shut down systems. This was due to a high level manager clicking on an attachment in email, which spread issues to (far too) many others inside the company. Another long night for me patching and cleaning systems, and one where I questioned how someone could be fooled.

In the last year, a similar rash of incidents have spread around various organizations, this time with ransomware instead of viruses. One Florida city government was hit, with an IT worker being at fault for opening a document they received in email. The result? The city paid a ransom and the employee was fired.

Is this fair? I've seen the Twitter mobs and rapid comment trolls condemning and praising both sides. It appears many people rightly think someone clicking on unknown attachments should be fired, while there is no shortage of others that understand that humans get fooled and termination is too harsh.

Personally, I don't know what to think. While most phishing and spam is poorly written, and I often check headers and easily see these notes for what they are. I have seen some very sophisticated and incredibly deceitful emails that might fool most of us.

If you have a privileged account, you better be really careful about opening any attachments from email. You shouldn't download pictures by default except from whitelisted senders, and you might even want to stop doing that. Who knows if your co-worker or business partner got fooled.

It's disconcerting though not unexpected. Perhaps this person was at fault, perhaps it was  mistake. Being fired is never fun, and all of us should be a little worried about this if we're not careful.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

Redgate SQL Compare
 
  Featured Contents

A Self-Tuning Fill Factor Technique for SQL Server – Part 1

Mike Byrd from SQLServerCentral

Introduction So what’s all the fuss about Fill Factor? It is a SQL Server parameter I’ve ignored for 20+ years. The main reason was/is I’ve had no idea about what value to use. There is just no documented definitive guidance. Back in April at SQL Saturday #830 - Colorado Springs, I attended two sessions by […]

Using SQL Monitor to manage a growing server estate

Additional Articles from Redgate

The State of SQL Server Monitoring report found that monitoring is key to managing large estates, and as estates continue to grow the need for a monitoring solution that is scalable is increasing. German IT Service Provider Fiducia & GAD IT AG implemented Redgate’s SQL Monitor to better manage the performance of its growing SQL Server estate.

From the SQL Server Central Blogs - My Preferences for SSIS Design

Meagan Longoria from Data Savvy

Lately, I have been using SSIS execution frameworks and Biml created by other people to populate data marts and data warehouses. It has taught me a few things and...

From the SQL Server Central Blogs - July 2019 – New Microsoft security update for Spectre variant

K. Brian Kelley from Databases – Infrastructure – Security

If you remember the flurry of news from the beginning of 2018 about side channel attacks called Spectre and Meltdown, Microsoft has included in its July update a patch...

 

  Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Security Design

In the SQL Server 2005 era and the Trustworthy Computing Initiative, Microsoft embraced the development of SQL Server by following a few pillars of security design. They were secure what?

Think you know the answer? Click here, and find out if you are right.

 

 

  Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Storing JSON data

In SQL Server 2017, how do I store JSON data in a table? I have this table, so choose the value that will go in place of the XXX.

CREATE TABLE Song
( SongKey int identity(1,1)
, SongData XXX
);

Answer: Either "NVARCHAR" or "VARCHAR"

Explanation: You can use VARCHAR() or NVARCHAR() for storing JSON documents. There is no JSON datatype. Be aware that the JSON functions assume nvarchar and return that type. Ref: Store JSON documents in SQL Server - https://docs.microsoft.com/en-us/sql/relational-databases/json/store-json-documents-in-sql-tables?view=sql-server-2017

Discuss this question and answer on the forums

 

Featured Script

ErrorHandling for running or deploying code

dawaller from SQLServerCentral

Do you ever wish you had a better way to run or deploy scripts? We use this format for all types of work.

USE DatabaseName;
GO

DECLARE @Operation_Started nvarchar(max) = N'Operation started.',
@Operation_Ended nvarchar(max) = N'Operation ended.',
@Transaction_Start_Msg nvarchar(max) = N'Transaction started.',
@Transaction_End_Msg nvarchar(max) = N'Transaction ended.',
@Commit_Msg nvarchar(max) = N'Transaction Committed successfully.',
@RollBack_Msg nvarchar(max) = N'Transaction Unsuccessful. Rolled Back!. No Further DB Operation Needed! Inform the Developer.';

PRINT @Transaction_Start_Msg;
BEGIN TRANSACTION

BEGIN TRY
---------------------------------------------------------------------------------------------
-- BEGIN of All Operations
---------------------------------------------------------------------------------------------

---------------------------------------
-- BEGIN Operation 1
---------------------------------------
PRINT @Operation_Started + ' No:1';
---------------------------------------

/**

Place code here

**/

---------------------------------------
-- END Operation 1
---------------------------------------
PRINT @Operation_Ended + ' No:1';
---------------------------------------

---------------------------------------------------------------------------------------------
-- END of All Operations
---------------------------------------------------------------------------------------------

COMMIT TRANSACTION
PRINT @Commit_Msg;

PRINT @Transaction_End_Msg;

END TRY
BEGIN CATCH

ROLLBACK TRANSACTION
PRINT @RollBack_Msg;

SELECT @RollBack_Msg AS 'ERROR!'

SELECT
ERROR_NUMBER() AS ErrorNumber,
ERROR_SEVERITY() AS ErrorSeverity,
ERROR_STATE() AS ErrorState,
ERROR_PROCEDURE() AS ErrorProcedure,
ERROR_LINE() AS ErrorLine,
ERROR_MESSAGE() AS ErrorMessage

END CATCH

More »

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.


SQL Server 2017 - Development
Possible to call SSIS Environment Variable from stored proc? - I'm using SSIS Catalog with an Environment, and it works great with packages. Is it possible to get the value of an environment variable from a stored procedure?
SQL Server 2016 - Administration
Copy-DbaAgentJob without the steps - Hello everyone , I need to transfer all jobs without the steps I want to transfer the name of the job, the scheduling of execution, the alert only with the tool dbatools Copy-DbaAgentJob this is possible thank you
How to connect to secondary replica - Hi, I want developers to go to secondary replica for running select queries. So, I'm testing this by connecting to SSMS and providing "ApplicationIntent=ReadOnly" under options->additional parameters. But it is still going to Primary. I'm using below query to check which replica I'm connected to and it is showing as Primary. Please advise. SELECT ars.role_desc […]
SSISDB - I am looking to move SSISDB from old server to SQL 2016. Would the new server needs Integration services installed? I have the restored the database and everything looks good to me. There is any additional things would be needed to done?
SQL Server 2016 - Development and T-SQL
Performance Debate - Looking for Opinions on if this area of a C# application should be modified in how it hands things off to the DB. The table in question has two columns (ListId,PersonId)   there can be multiple PersonID with different list ID's The UI of the application allows you to go in and view all these Lists […]
Administration - SQL Server 2014
questions server packs - Hi, We are currently on SQL Server 2012 SPS 2. I was wondering to get them up to date do I, go sps 3 and then 4 or can I just take sps 4? Is there anything that I have to be concern about in installing these on a production unit. Thank you
Development - SQL Server 2014
SQL Collation different in tables and columns - Hi, I'm getting an infuriating issue where I have my default collation of the server set to SQL_Latin1_General_CP1_CI_AS. For some unknown reason some tables in different databases have a different collation AND some columns within those tables have a different collation again. It's driving me mad. Any idea how I can stop this from happening? […]
SQL 2012 - General
SQL 2012 Patch Release Dates - Is MS releasing any additional patches for SQLSERVER 2012?  A patch release was last introduced March of 2018.    
How to upload an rdl from SSRS - Hi, According to a number of places on the web, to add a custom report in SQL Server, you just have to go to Reports to custom reports then add you rdl. However, when I do that I get the following message, which I am not sure what it means or what I can do […]
SQL Server 2012 - T-SQL
How to preapare Vintage Analysis report in sql - hi, How to preapare Vintage Analysis report in sql.Can someone help me with code. Sample dat and Desired output is attached for reference.
SQL Server 2008 - General
Need to group multiple lines into one line - so I really struggle with grouping.  I have a view and it takes a few accounts and basically uses the same account.  when the view runs I get 5 lines.  4 lines for the accounts I am grouping and 1 line for the master account. so the first four accounts 1560020, 1560100, 1560300, 1560400 all […]
SQL Server Newbies
Basics to loading data - I'm trying to get better at loading data, flat files, Excel files from Apknite company into their SQL Tables. Here is my question because I have no one else in real life to bounce this idea off of to see if this is an accepted method/practice. Import TXT file to 'staging table' everything as varchar. […]
SSRS 2016
Textbox expression returning error - Hi, I have an expression in a cell of a table in SSRS. Whenever I try the preview the report it is coming up with this error: "The Value expression for the textrun ‘Standard.Paragraphs[0].TextRuns[0]’ contains an error: [BC30471] Expression is not an array or a method, and cannot have an argument list." My expression is […]
General
VBA Error Handling When Opening Another Macro - I have a process in which a macro loops through a list of other macros to run. I'm trying to add error handling in the parent macro so that if one of the other macros being called errors then it won't pop up with an alert and it will also close out and move on […]
Integration Services
Using a variable in Excel Connection Manager - I am trying to create a package that will import a file using the filename from a SQL table. I first created the package to read a single filename and it worked fine. Now I am trying to add a SQL task before the Data Flow that get the filename from the table. I set […]
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -